CVE-2024-22723

MEDIUM

webtrees 2.1.18 - Authenticated Path Traversal via Media Folder Parameter

Title source: llm

Description

Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://cupc4k3.medium.com/cve-2024-22723-webtrees-vulnerability-uncovering-sensitive-data-through-path-traversal-7442e7a38b68

Scores

CVSS v3 4.9

EPSS 0.0088

EPSS Percentile 54.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22 CWE-31

Status published

Products (2)

fisharebest/webtrees 0Packagist

webtrees/webtrees 2.1.18

Published Feb 28, 2024

Tracked Since Feb 18, 2026