CVE-2024-6746
MEDIUM NUCLEINaiboWang EasySpider 0.6.2 - Path Traversal
Title source: llmDescription
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier VDB-271477 was assigned to this vulnerability. NOTE: The code maintainer explains, that this is not a big issue "because the default is that the software runs locally without going through the Internet".
Nuclei Templates (1)
EasySpider 0.6.2 - Arbitrary File Read
MEDIUMby s4e-io
Scores
CVSS v3
4.3
EPSS
0.7385
EPSS Percentile
98.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
CWE-24
Status
published
Products (1)
easyspider/easyspider
0.6.2
Published
Jul 15, 2024
Tracked Since
Feb 18, 2026