A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
History

Fri, 13 Dec 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Cjbi
Cjbi wetech-cms
Weaknesses CWE-22
CPEs cpe:2.3:a:cjbi:wetech-cms:1.0:*:*:*:*:*:*:*
cpe:2.3:a:cjbi:wetech-cms:1.1:*:*:*:*:*:*:*
cpe:2.3:a:cjbi:wetech-cms:1.2:*:*:*:*:*:*:*
Vendors & Products Cjbi
Cjbi wetech-cms

Wed, 11 Dec 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Dec 2024 19:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title cjbi wetech-cms Database Backup BackupFileUtil.java backup path traversal
Weaknesses CWE-23
CWE-24
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:P/I:N/A:N'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-11T19:31:06.607Z

Updated: 2024-12-11T21:24:13.491Z

Reserved: 2024-12-11T12:34:28.704Z

Link: CVE-2024-12482

cve-icon Vulnrichment

Updated: 2024-12-11T21:24:10.215Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-12T01:40:29.433

Modified: 2024-12-13T17:11:44.680

Link: CVE-2024-12482

cve-icon Redhat

No data.