CVE-2024-38715

Name of the Vulnerable Software and Affected Versions ExS Widgets versions 0.3.1 and earlier

Description The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion in ExS Widgets. This type of issue can enable an attacker to access files outside the intended directory, potentially leading to sensitive information disclosure or other security issues.

Recommendations For ExS Widgets versions 0.3.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.