CVE-2024-6746

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 15, 2024
Updated: Jul 19, 2024
CWE ID 24
CWE ID 22

Summary

CVE-2024-6746 is a newly disclosed vulnerability affecting NaiboWang EasySpider 0.6.2 on Windows. The issue lies within the HTTP GET Request Handler component's server.js file, located at \\EasySpider\\resources\\app. An attacker can manipulate the input using a path traversal technique, specifically /../../../../../../../../../Windows/win.ini, leading to a file access issue. This vulnerability requires an attacker to be within the local network and has been publicly disclosed, increasing the risk. The vulnerability database VDB has assigned the identifier VDB-271477 to this issue. Despite the code maintainer's assessment, this local path traversal vulnerability still poses a potential threat to affected systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share