PT-2024-20383 · Stimulsoft · Stimulsoft Dashboard.Js

Di Lukas Hammer

Published

2024-02-05

Updated

2024-02-13

CVE-2024-24398

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Stimulsoft Dashboard.JS versions prior to 2024.1.2

Description A Directory Traversal issue allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function. This enables the attacker to potentially access and manipulate files outside the intended directory structure.

Recommendations For versions prior to 2024.1.2, update to version 2024.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Save function or validating the fileName parameter to prevent malicious payloads.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2024-24398

GHSA-GFQF-9W98-7JMX

Affected Products

Stimulsoft Dashboard.Js

PT-2024-20383 · Stimulsoft · Stimulsoft Dashboard.Js

CVE-2024-24398

Weakness Enumeration

Related Identifiers

Affected Products

References · 10