CVE-2024-11838 | THREATINT

Description

External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1.

PUBLISHED Reserved 2024-11-26 | Published 2024-12-13 | Updated 2024-12-16 | Assigner PlexTrac

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/U:Red

Problem types

CWE-73 External Control of File Name or Path

Product status

Default status

unaffected

1.61.3 (semver) before 2.8.1

affected

Credits

Ianis Bernard finder

References

docs.plextrac.com/...ocumentation/master/security-advisories

cve.org (CVE-2024-11838)

nvd.nist.gov (CVE-2024-11838)

Download JSON