CVE-2024-32523
HIGHEverPress Mailster <4.0.6 - Path Traversal
Title source: llmDescription
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6.
Exploits (2)
nomisec
WRITEUP
by tucommenceapousser · poc
https://github.com/tucommenceapousser/CVE-2024-32523-Poc
References (2)
Scores
CVSS v3
8.1
EPSS
0.4743
EPSS Percentile
97.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
Details
CWE
CWE-98
Status
published
Products (1)
EverPress/Mailster
< 4.0.6
Published
May 17, 2024
Tracked Since
Feb 18, 2026