PT-2024-29384 · Dzzoffice · Dzzoffice
Xjzzzxx · Published 2024-08-05 · Updated 2025-11-20
CVE-2024-41376
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
dzzoffice version 2.02.1
Description
The issue allows for Directory Traversal via the user/space/about.php endpoint. This means an attacker could potentially access files outside the intended directory structure by manipulating the input to the vulnerable endpoint.
Recommendations
For dzzoffice version 2.02.1, consider restricting access to the user/space/about.php endpoint until a patch is available. As a temporary workaround, review and limit file access permissions to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Dzzoffice