CVE-2024-39171
CRITICALphpvibe 11.0.3-11.0.46 - Path Traversal and Remote Code Execution via .htaccess and PNG File Upload
Title source: llmDescription
Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.
References (2)
Core 2
Core References
Product
http://phpvibe.com
Exploit, Third Party Advisory
https://github.com/751897386/PHPVibe_vulnerability_Directory-Traversal
Scores
CVSS v3
9.8
EPSS
0.0125
EPSS Percentile
65.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
CWE-35
Status
published
Products (1)
phpvibe/phpvibe
11.0.3 - 11.0.46
Published
Jul 09, 2024
Tracked Since
Feb 18, 2026