CVE-2024-11801

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 28, 2024
Updated: Dec 3, 2024
CWE ID 787

Summary

CVE-2024-11992 is a newly disclosed vulnerability affecting Quick.CMS version 6.7. This issue involves an absolute path traversal weakness, which allows remote users to bypass intended file access restrictions by manipulating the aDirFiles%5B0%5D parameter in the admin.php page. Successful exploitation grants attackers the ability to download arbitrary files if they have appropriate permissions outside of the document root on the targeted server. Furthermore, an attacker can leverage this vulnerability to delete sensitive files due to insufficient verification of user-supplied input.
