Path Traversal Vulnerability Affects Event post

CVE-2024-38735

7.5HIGH

Key Information

Vendor: N.o.u.s. Open Useful And Simple
Status: Event Post
Vendor: CVE Published:; 12 July 2024

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in N.O.U.S. Open Useful and Simple Event post allows PHP Local File Inclusion.This issue affects Event post: from n/a through 5.9.5.

Affected Version(s)

Event post <= 5.9.5

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 12, 2024
Vulnerability Reserved.
Jun 19, 2024

Collectors

NVD DatabaseMitre Database

Credit

Emili Castells (Patchstack Alliance)