CVE-2024-12482

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 24
CWE ID 23
CWE ID 22

Summary

CVE-2024-12482 is a recently disclosed vulnerability affecting the Database Backup Handler component in cjbi wetech-cms versions 1.0/1.1/1.2. This issue, rated as problematic, resides in the BackupFileUtil.java file located in the wetech-basic-common directory. The vulnerability enables attackers to traverse directories by manipulating the argument name, potentially granting them unauthorized access. This exploit can be executed remotely, increasing the severity of the risk. Unfortunately, the vendor has not responded to disclosure of this vulnerability, leaving affected systems potentially vulnerable to attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share