CVE-2024-3686

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Published Apr 12, 2024

Updated: May 17, 2024

CWE ID 24

Summary

CVE-2024-3686 is a newly disclosed vulnerability affecting DedeCMS 5.7.112-UTF8. This issue lies within an unidentified functionality of update_guide.php, which is exploitable through a path traversal attack. An attacker can manipulate the argument files and traverse to the 'filedir' directory remotely. The exploit code is publicly available, increasing the threat potential. The vulnerability has been assigned the identifier VDB-260473, and despite early disclosure, the vendor has not responded.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

DedeCMS

Affected Vendors

DedeCMS

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vVptX-
https://www.cve.org/CVERecord?id=CVE-2024-3686
https://nvd.nist.gov/vuln/detail/CVE-2024-3686

Back to Vulnerability Database