Local File Inclusion Vulnerability in CmsEasy by CmsEasy
CVE-2024-34314
4.9MEDIUM
What is CVE-2024-34314?
A local file inclusion vulnerability has been identified in CmsEasy v7.7.7.9, specifically through the use of the file_get_contents function found in the fetch_action method of the /admin/template_admin.php file. This security flaw allows attackers the potential to read arbitrary files on the server, which could lead to unauthorized information disclosure. It is essential for users of the affected version to apply necessary security measures and updates to mitigate the risk associated with this vulnerability.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved