CVE-2024-53586

Name of the Vulnerable Software and Affected Versions WebFileSys version 2.31.0

Description An issue in the relPath parameter allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the relPath parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory.

Recommendations For WebFileSys version 2.31.0, consider restricting access to the relPath parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the relPath parameter in HTTP requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.