CVE-2024-11238

MEDIUM EXPLOITED NUCLEI

Landray Ekp < 16.0 - Path Traversal

Title source: rule

Description

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Nuclei Templates (1)

Landray EKP - Path Traversal
MEDIUMVERIFIEDby theamanrawat
Shodan: http.favicon.hash:831854882

References (4)

Scores

CVSS v3 6.5
EPSS 0.1200
EPSS Percentile 93.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Details

VulnCheck KEV 2025-05-09
CWE
CWE-22
Status published
Products (1)
landray/landray_ekp < 16.0
Published Nov 15, 2024
Tracked Since Feb 18, 2026