Critical

chuanhuchatgpt

Path Traversal Leading to RCE, Directory Creation, and CSV File Leakage

As of publication, the current release of chuanhuchatgpt has a path traversal vulnerability in its user upload feature: the user_name parameter is used to build filesystem paths without being sanitized, so a value containing an absolute path or traversal sequences escapes the intended upload directory. The flaw allows arbitrary file upload (potential RCE), arbitrary directory creation, and leakage of CSV file contents. No fix is available at the time of publication.

Available publicly on Jun 24 2024

CVSS: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Credit: fatmo666

Remediation Steps
  • Sanitize user inputs to prevent path traversal.
  • Validate and restrict the user_name parameter to ensure it does not contain absolute paths or special characters.
  • Implement proper input validation for directory creation and file reading functions.
  • Regularly update and patch the software to address known vulnerabilities.
  • Conduct security audits and code reviews to identify and mitigate potential security issues.
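The following is an added illustration of the first three remediation steps, written for this page and not taken from the chuanhuchatgpt code base (chuanhuchatgpt is a Python application, so Python is used). It shows the unsafe join pattern that lets an absolute or `..`-bearing user_name escape the upload root, beside a hardened version that allow-lists the name and then confirms the resolved path is still inside the root before any directory is created or CSV file is read. UPLOAD_ROOT, the allow-list regex, and the function names safe_user_dir / safe_csv_path are assumptions made for the example; the project's real directory layout and naming are not shown in the advisory.

```python
import re
from pathlib import Path

# Assumed upload root for this example; the project's real directory layout
# is not shown in the advisory.
UPLOAD_ROOT = Path("/srv/app/uploads")

# Assumed allow-list for user names: letters, digits, '_' and '-', 1 to 64 chars.
# This rules out path separators, '..', a leading '/', whitespace and NUL bytes.
_USER_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def unsafe_user_dir(user_name: str) -> Path:
    """The traversal pattern: the caller-controlled name is joined onto the
    upload root with no validation. With pathlib (and os.path.join alike) an
    absolute user_name replaces the root outright, and '..' walks out of it."""
    return UPLOAD_ROOT / user_name


def is_traversal(user_name: str) -> bool:
    """True when the unsafe join lands on or outside UPLOAD_ROOT."""
    root = UPLOAD_ROOT.resolve()
    target = unsafe_user_dir(user_name).resolve()
    return target == root or root not in target.parents


def validate_user_name(user_name: str) -> bool:
    """Cheap syntactic check, run before any filesystem access."""
    return _USER_NAME_RE.fullmatch(user_name) is not None


def confine(relative: str) -> Path:
    """Resolve `relative` against UPLOAD_ROOT and refuse anything that is not
    a strict descendant of it. Both the directory-creation and the CSV-read
    code paths should go through this single containment check."""
    root = UPLOAD_ROOT.resolve()
    candidate = (root / relative).resolve()
    if candidate == root or root not in candidate.parents:
        raise ValueError(f"path escapes upload root: {relative!r}")
    return candidate


def safe_user_dir(user_name: str) -> Path:
    """Hardened directory lookup: allow-list the name, then confine it."""
    if not validate_user_name(user_name):
        raise ValueError(f"invalid user_name: {user_name!r}")
    return confine(user_name)


def safe_csv_path(user_name: str, file_name: str) -> Path:
    """Hardened file lookup for the CSV read path. Assumed rule: the file name
    is a single path component ending in .csv, and the resolved result must
    sit inside the already-validated user directory."""
    user_dir = safe_user_dir(user_name)
    if "/" in file_name or "\\" in file_name or not file_name.endswith(".csv"):
        raise ValueError(f"invalid file name: {file_name!r}")
    candidate = (user_dir / file_name).resolve()
    if user_dir not in candidate.parents:
        raise ValueError(f"file escapes user directory: {file_name!r}")
    return candidate


def rejected(fn, *args) -> bool:
    """Demonstration helper: True when fn(*args) raises ValueError."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: a benign name, a relative traversal and an
    # absolute path, the two shapes the remediation steps tell you to reject.
    for name in ("alice", "../../../etc", "/etc"):
        print(f"{name!r}: unsafe -> {unsafe_user_dir(name)}, "
              f"traversal={is_traversal(name)}, "
              f"hardened rejects={rejected(safe_user_dir, name)}")
```

The regex rejects the absolute and `..` forms before the filesystem is touched; the containment check in confine() is kept as defence in depth so that a symlink planted under the upload root, or a later change to the allow-list, still cannot point a directory creation or CSV read outside UPLOAD_ROOT.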
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A