CVE-2024-54452

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published: Dec 27, 2024
Updated: Dec 28, 2024
CWE ID 22

Summary

CVE-2024-54452 is a Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page of Kurmi Provisioning Suite versions before 7.9.0.35 and 7.10.x through 7.10.0.18. An authenticated administrator can exploit it to access and display unintended files, potentially exposing sensitive information accessible to the Kurmi user account, such as database passwords.
