CVE-2024-54452
MEDIUM
Kurmi Provisioning Suite <7.9.0.35-7.10.0.18 - Path Traversal
Title source: llm
Description
An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the display of unintended files. Any file accessible to the Kurmi user account could be displayed, e.g., configuration files with information such as the database password.
References (2)
Core References
Various Sources
https://kurmi-software.com/cve/cve-2024-54452/
Various Sources
https://kurmi-software.com
Scores
CVSS v3
4.9
EPSS
0.0081
EPSS Percentile
52.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Published
Dec 27, 2024
Tracked Since
Feb 18, 2026