PT-2024-17744 · Pbootcms · Pbootcms
J1Rry
·
Published
2024-12-19
·
Updated
2025-01-06
·
CVE-2024-12793
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PbootCMS versions prior to 5.2.4
Description
A problem has been found in some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may be launched remotely.
Recommendations
For versions prior to 5.2.4, upgrade to version 5.2.4 to address this issue. As a temporary workaround, consider restricting access to the affected file apps/home/controller/IndexController.php until the update is applied.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pbootcms