CVE-2024-8707

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 12, 2024
CWE ID 22

Summary

CVE-2024-8707 is a vulnerability affecting the Yunke Online School System (versions up to 3.0.6), specifically in the downfile function of application/admin/controller/Appadmin.php, which allows for path traversal due to improper handling of the url argument. This vulnerability can be exploited remotely, posing a medium-level threat to organizations using impacted products such as ygwTDZ, ygwTDY, ygwTDa, ygwTDX, ygu6rt, ygu6rs, and ygu6rr. The potential danger includes unauthorized access to files outside the intended directory structure, which could compromise data confidentiality. Remediation measures involve updating the affected software to address the flaw and ensure proper validation of user inputs related to file paths. The vulnerability has been publicly disclosed and carries a CVSS 3.1 score of 4.3, indicating a low complexity for exploitation with minimal privileges required.
