Absolute Path Traversal Vulnerability Allows Unrestricted File Access
CVE-2024-11992
9.1 CRITICAL
What is CVE-2024-11992?
An absolute path traversal vulnerability has been identified in Quick.CMS version 6.7, enabling remote users to bypass intended security measures. Exploitation occurs through the aDirFiles%5B0%5D parameter (the URL-encoded form of aDirFiles[0]) of the admin.php page, allowing unauthorized access to files outside the server's configured document root. Because user-supplied input is insufficiently validated, this vulnerability can lead to the download of sensitive files and potentially enable attackers to delete files. Organizations using the affected version are urged to implement security measures promptly.
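One way to validate a user-supplied file name before it is read or deleted, shown as an added example that is not Quick.CMS code or the vendor's fix. The helper resolveInsideBase, the directory layout and the sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from Quick.CMS.
declare(strict_types=1);

/**
 * Resolve a user-supplied file name against $baseDir and return the
 * canonical path only if it stays inside $baseDir; otherwise null.
 */
function resolveInsideBase(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    // Reject absolute forms outright: POSIX "/x", Windows "C:\x", UNC "\\host".
    if (preg_match('#^(?:[/\\\\]|[A-Za-z]:)#', $userPath) === 1) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; it returns false if the file is missing.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false) {
        return null;
    }
    // Compare with a trailing separator so "/srv/files-old" never matches "/srv/files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo: a temporary file directory plus one file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ptdemo_' . bin2hex(random_bytes(4));
$files = $root . DIRECTORY_SEPARATOR . 'files';
mkdir($files, 0700, true);
file_put_contents($files . DIRECTORY_SEPARATOR . 'photo.jpg', 'x');
file_put_contents($root . DIRECTORY_SEPARATOR . 'secret.txt', 'x');

// Constructed stand-in for an array-valued request parameter such as aDirFiles[].
$aDirFiles = [
    'photo.jpg',                                  // inside the base directory
    $root . DIRECTORY_SEPARATOR . 'secret.txt',   // absolute path outside it
    '..' . DIRECTORY_SEPARATOR . 'secret.txt',    // relative escape
    'missing.jpg',                                // does not exist
];
foreach ($aDirFiles as $name) {
    // Array parameters can carry nested arrays; accept strings only.
    $ok = is_string($name) ? resolveInsideBase($files, $name) : null;
    printf("%-60s %s\n", is_string($name) ? $name : '(non-string)', $ok === null ? 'rejected' : 'allowed');
}
```

The check must run on the server immediately before every file operation (read, download, delete) that uses the value, and its return value, not the raw input, is what should be passed to those operations.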
Affected Version(s)
Quick.CMS 6.7