CVE-2024-53586
MEDIUMWebFileSys <2.31.0 - Path Traversal
Title source: llmDescription
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory.
Exploits (1)
exploitdb
WORKING POC
by Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsuchotmetee · textwebappsmultiple
https://www.exploit-db.com/exploits/52185
References (1)
Scores
CVSS v3
5.3
EPSS
0.0390
EPSS Percentile
88.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Published
Feb 06, 2025
Tracked Since
Feb 18, 2026