CVE-2024-51483

MEDIUM NUCLEI

changedetection.io < 0.47.5 - Path Traversal via WebDriver File URL

Title source: llm

Exploitation Summary

CVE-2024-51483 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local system files, where the more traditional `file:///etc/passwd` gets blocked. Version 0.47.5 fixes the issue.

Nuclei Templates (1)

Changedetection.io <= 0.47.4 - Path Traversal

MEDIUMVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: http.title:"change detection"

FOFA: title="change detection"

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-cwgg-57xj-g77r

Various Sources x_refsource_misc

https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L19

View Writeup ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/processors/__init__.py#L35

View Writeup ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/user-attachments/files/17591630/CL-ChangeDetection.io.Path.Travsersal-311024-181039.pdf

Scores

CVSS v4 6.9

EPSS 0.0229

EPSS Percentile 80.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

dgtlmoon/changedetection.io < 0.47.5

pypi/changedetection.io 0 - 0.47.5PyPI

Published Nov 01, 2024

Tracked Since Feb 18, 2026