CVE-2024-39171

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHPVibe version 11.0.46

Description The issue is related to directory travel in PHPVibe, caused by incomplete blacklist checksums and directory checks. This can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.

Recommendations For PHPVibe version 11.0.46, update to a version that addresses the incomplete blacklist checksums and directory checks to prevent code execution via malicious file writes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-35

Related Identifiers

CVE-2024-39171

Affected Products

Phpvibe

CVE-2024-39171

Weakness Enumeration

Related Identifiers

Affected Products

References · 7