CVE-2024-0416

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 11, 2024

Updated: May 17, 2024

CWE ID 24

Summary

CVE-2024-0416 is a critical vulnerability affecting DeShang DSMall up to version 5.0.3. This issue lies within the unknown functionality of the file application/home/controller/MemberAuth.php. A path traversal vulnerability is present, which enables attackers to manipulate the argument file_name and gain unauthorized access by traversing directories '../filedir'. The exploit for this vulnerability has been made public, increasing the risk of remote attacks. The identifier for this vulnerability is VDB-250436.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uG1v3P
https://www.cve.org/CVERecord?id=CVE-2024-0416
https://nvd.nist.gov/vuln/detail/CVE-2024-0416

Back to Vulnerability Database

CVE-2024-0416

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations