PT-2024-26736 · Unknown · Yahman Word Balloon

João Pedro S Alcântara

Published

2024-06-21

Updated

2024-06-24

CVE-2024-35781

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions YAHMAN Word Balloon versions prior to 4.21.1

Description The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion.

Recommendations For versions prior to 4.21.1, update to a version that contains a fix for this issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2024-35781

Affected Products

Yahman Word Balloon

PT-2024-26736 · Unknown · Yahman Word Balloon

CVE-2024-35781

Weakness Enumeration

Related Identifiers

Affected Products

References · 3