CVE-2024-8875

Summary

CVE-2024-8875 is a critical vulnerability affecting the Vedees WCMS versions up to 0.3.2, specifically within the functionality of the file /wex/finder.php. This vulnerability allows for path traversal through manipulation of the argument p, enabling remote attackers to exploit it without requiring authentication or user interaction. The integrity impact is rated as high, and it poses a significant risk of unauthorized access or modification of files within the system. Organizations using affected products are advised to implement immediate remediation steps, although specific guidance from the vendor has not been provided. As the exploit has been publicly disclosed, prompt action is essential to mitigate potential threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.