Directory Traversal Vulnerability in TOSEI Online Store Management System
CVE-2024-43022

Currently unrated

Key Information:

Vendor: TOSEI
Status: TOSEI Online Store Management System
Vendor: CVE Published:; 21 August 2024

Summary

An exploitable directory traversal vulnerability exists in the downloader.php component of TOSEI Online Store Management System versions 4.02, 4.03, and 4.04. This flaw allows attackers to gain unauthorized access to files outside the intended directory structure, potentially leading to data exposure or further exploitation within the system. It is crucial for users of these versions to implement appropriate security measures and update to mitigate the risks associated with this vulnerability.

References

https://gist.github.com/b0rgch3n/6ba0b04da7e48ead20f10b15...

Timeline

Vulnerability published
Aug 21, 2024