CVE-2024-0354

Name of the Vulnerable Software and Affected Versions unknown-o download-station versions up to 1.1.8

Description A critical issue has been found in the unknown-o download-station, affecting the processing of the file index.php. The manipulation of the argument f leads to path traversal, allowing an attacker to access files outside the intended directory, such as '../filedir'. This issue can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For versions up to 1.1.8, as a temporary workaround, consider restricting access to the f argument in the index.php file to minimize the risk of path traversal exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.