CVE-2024-8685

Publication date

2025-02-10 12:46:27

Family

INCIBE

State

PUBLISHED

Description

Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to list device directories via the ‘/pictory/php/getFileList.php’ endpoint in the ‘dir’ parameter.