CVE-2024-25975
Severity: MEDIUM
HAWKI - Authenticated Arbitrary File Overwrite via Path Traversal in Vote Function
Title source: llmDescription
The application implements an up- and downvote function that alters a value within a JSON file. The POST parameters are not filtered properly, and therefore an arbitrary file can be overwritten. The file path can be controlled by an authenticated attacker; the content cannot be controlled. It is possible to overwrite all files to which the webserver has write access. A relative path (path traversal) is required.
References
Mailing List: http://seclists.org/fulldisclosure/2024/May/34
Third-party advisory: https://r.sec-consult.com/hawki
Scores
CVSS v3: 6.5
EPSS: 0.0059
EPSS Percentile: 43.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-73
Status: published
Products (1)
Vendor: Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim, Germany
Product: HAWKI
Affected: versions before commit 146967f
Published: May 29, 2024
Tracked Since: Feb 18, 2026