PT-2024-16848 · Landray · Landray Ekp

Coinismoney · Published 2024-11-15 · Updated 2024-11-19 · CVE-2024-11239

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Landray EKP versions up to 16.0

Description

A critical vulnerability has been found in Landray EKP, affecting the deleteFile function of the file /sys/common/import.do?method=deleteFile in the API Interface component. The manipulation of the folder argument leads to path traversal. This issue can be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations

For Landray EKP versions up to 16.0, update to the latest patch immediately to mitigate risks. As a temporary workaround, consider restricting access to the /sys/common/import.do?method=deleteFile endpoint until a patch is available. Avoid using the folder argument in the affected API endpoint until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2024-11239

Affected Products

Landray Ekp