Directory Traversal Vulnerability in TOSEI Online Store Management System
CVE-2024-43022

7.5HIGH

Key Information:

Vendor: TOSEI
Status: TOSEI Online Store Management System
Vendor: CVE Published:; 21 August 2024

What is CVE-2024-43022?

An exploitable directory traversal vulnerability exists in the downloader.php component of TOSEI Online Store Management System versions 4.02, 4.03, and 4.04. This flaw allows attackers to gain unauthorized access to files outside the intended directory structure, potentially leading to data exposure or further exploitation within the system. It is crucial for users of these versions to implement appropriate security measures and update to mitigate the risks associated with this vulnerability.

References

https://gist.github.com/b0rgch3n/6ba0b04da7e48ead20f10b15...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2024

CVE-2024-43022 Data

JSON