CVE-2024-53586

MEDIUM

WebFileSys <2.31.0 - Path Traversal

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-53586. PoCs published by Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee.

AI-analyzed exploit summary: This exploit demonstrates a directory path traversal vulnerability in WebFileSys 2.31.0 via the 'relPath' parameter, allowing unauthorized access to files outside the intended directory. The PoC uses a simple HTTP GET request with a traversal payload to exploit the flaw.

Description

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory.

Exploits (1)

Exploit-DB · Working PoC
by Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee · text · webapps · multiple
https://www.exploit-db.com/exploits/52185

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WebFileSys 2.31.0
Auth required
Prerequisites: Valid session cookie (JSESSIONID) · Access to the target application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.3
EPSS: 0.0544
EPSS Percentile: 90.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-22
Status: published
Published: Feb 06, 2025
Tracked Since: Feb 18, 2026