CVE-2024-25164

Name of the Vulnerable Software and Affected Versions iDURAR version 2.0.0

Description A Path Traversal vulnerability exists, allowing unauthenticated attackers to expose sensitive files via the download functionality. The issue can be exploited using backslashes. For example, an attacker can use the endpoint "http://localhost/download..%2f....%2fetc%2fpasswd" to access sensitive files.

Recommendations For iDURAR version 2.0.0, consider disabling the download functionality until a patch is available to prevent exploitation of the Path Traversal vulnerability. Restrict access to sensitive files and directories to minimize the risk of exposure.