CVE-2024-53586 — MEDIUM (5.3)

Vulnerability Description

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Related Weaknesses (CWE)

CWE-22

References

https://packetstorm.news/files/id/189017

FAQ

What is CVE-2024-53586?

CVE-2024-53586 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers...

How severe is CVE-2024-53586?

CVE-2024-53586 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-53586?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.