-
Byte Open Security
(ByteOS Network)
Log In
Sign Up
CVE Vulnerability Details :
CVE-2024-42007
PUBLISHED
More Info
Official Page
Assigner
-
mitre
Assigner Org ID
-
8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At
-
26 Jul, 2024 | 00:00
Updated At
-
19 Aug, 2024 | 07:47
Rejected At
-
▼
CVE Numbering Authority (CNA)
SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.
Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
n/a
Problem Types
Type
CWE ID
Description
text
N/A
n/a
Type:
text
CWE ID:
N/A
Description:
n/a
Metrics
Version
Base score
Base severity
Vector
3.1
5.8
MEDIUM
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:N
Version:
3.1
Base score:
5.8
Base severity:
MEDIUM
Vector:
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:N
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
Event
Date
Replaced By
Rejected Reason
References
Hyperlink
Resource
https://github.com/NoiseByNorthwest/php-spx/issues/251
N/A
Hyperlink:
https://github.com/NoiseByNorthwest/php-spx/issues/251
Resource:
N/A
▼
Authorized Data Publishers (ADP)
1.
CISA ADP Vulnrichment
Affected Products
Vendor
noisebynorthwest
Product
php-spx
CPEs
cpe:2.3:a:noisebynorthwest:php-spx:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
From
0
through
0.4.15
(custom)
Problem Types
Type
CWE ID
Description
CWE
CWE-548
CWE-548 Exposure of Information Through Directory Listing
CWE
CWE-22
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type:
CWE
CWE ID:
CWE-548
Description:
CWE-548 Exposure of Information Through Directory Listing
Type:
CWE
CWE ID:
CWE-22
Description:
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
Version
Base score
Base severity
Vector
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
Event
Date
Replaced By
Rejected Reason
References
Hyperlink
Resource
2.
CVE Program Container
Affected Products
Metrics
Version
Base score
Base severity
Vector
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
Event
Date
Replaced By
Rejected Reason
References
Hyperlink
Resource
https://github.com/NoiseByNorthwest/php-spx/issues/251
x_transferred
https://www.vicarius.io/vsociety/posts/journey-to-discovery-and-exploitation-of-path-traversal-in-php-spx-cve-2024-42007
N/A
Hyperlink:
https://github.com/NoiseByNorthwest/php-spx/issues/251
Resource:
x_transferred
Hyperlink:
https://www.vicarius.io/vsociety/posts/journey-to-discovery-and-exploitation-of-path-traversal-in-php-spx-cve-2024-42007
Resource:
N/A
Details not found