CVE-2024-45241

HIGH NUCLEI

CentralSquare CryWolf - Path Traversal

Title source: llm

Description

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.

Exploits (2)

nomisec WRITEUP 6 stars

by verylazytech · poc

https://github.com/verylazytech/CVE-2024-45241

View Code ZIP pw:eip

nomisec WRITEUP

by d4lyw · poc

https://github.com/d4lyw/CVE-2024-45241

View Code ZIP pw:eip

Nuclei Templates (1)

CentralSquare CryWolf - Path Traversal

HIGHVERIFIEDby s4e-io

FOFA: False Alarm Reduction Website

References (3)

[Various Sources] https://daly.wtf/cve-2024-45241-path-traversal-in-centralsquare-crywolf/

[Various Sources] https://github.com/d4lyw/CVE-2024-45241/

[Various Sources] https://www.centralsquare.com/solutions/public-safety-software/public-safety-agency-operations/crywolf-false-alarm-management-solution

Scores

CVSS v3 7.5

EPSS 0.9066

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Published Aug 26, 2024

Tracked Since Feb 18, 2026