Security Advisory

CVE-2024-8941

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-24 11:50:58

Last updated 2024-09-24 13:27:40

Assigner INCIBE

State PUBLISHED

Description

Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManagers intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application.

← Browse all CVEs View on cve.org ↗