CVE-2024-51376

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 12, 2025

Updated: Feb 13, 2025

CWE ID 22

Summary

CVE-2024-51376 is a newly disclosed Directory Traversal vulnerability affecting the carRental software version 1.0 by yeqifu. This issue permits remote attackers to access sensitive information by manipulating the file/downloadFile.action?path= parameter, thereby bypassing intended access restrictions. Successful exploitation could result in the exposure of confidential data, leading to potential security risks. It is highly recommended that affected organizations apply the necessary patches or updates to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/z7X9Sf
https://www.cve.org/CVERecord?id=CVE-2024-51376
https://nvd.nist.gov/vuln/detail/CVE-2024-51376

Back to Vulnerability Database

CVE-2024-51376

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations