CVE-2024-7458

Name of the Vulnerable Software and Affected Versions elunez eladmin versions up to 2.7

Description A critical issue affects the Database Management/Deployment Management component, specifically the /api/deploy/upload and /api/database/upload API endpoints. The manipulation of the file argument leads to path traversal, allowing access to files outside the intended directory, as demonstrated by the example 'dir/../../filename'. The exploit has been publicly disclosed.

Recommendations For elunez eladmin versions up to 2.7, consider restricting access to the /api/deploy/upload and /api/database/upload API endpoints until a patch is available. As a temporary workaround, avoid using the file argument in these endpoints to minimize the risk of path traversal exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.