CVE-2024-2563

CVSS 3.1 Score 8.9 of 10 (high)

Details

Published Mar 17, 2024

Updated: May 17, 2024

CWE ID 349

CWE ID 345

Summary

CVE-2024-2563 is a critical vulnerability affecting PandaXGO PandaX versions up to 20240310. This issue lies in the function DeleteImage of the file /apps/system/router/upload.go. An attacker can exploit this path traversal vulnerability by manipulating the argument fileName with the input ../../../../../../../../../tmp/1.txt, leading to a traversal to '../filedir'. The exploit can be initiated remotely, and the vulnerability details have been made public, increasing the risk of exploitation. VDB-257062 is the identifier assigned to this security issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uc8q5F
https://www.cve.org/CVERecord?id=CVE-2024-2563
https://nvd.nist.gov/vuln/detail/CVE-2024-2563

Back to Vulnerability Database

CVE-2024-2563

CVSS 3.1 Score 8.9 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations