Path Traversal Vulnerability Affects MH Board
CVE-2024-44017
7.5HIGH
Summary
A vulnerability exists in MH Board developed by MinHyeong Lim, specifically a Path Traversal issue that enables PHP Local File Inclusion. This security flaw can allow unauthorized access to sensitive files on the server by exploiting improper limitations of a pathname to a restricted directory. The issue is present in various versions of MH Board up to 1.3.2.1, making it a significant concern for system administrators and users of this product.
Affected Version(s)
MH Board <= 1.3.2.1
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
tahu.datar (Patchstack Alliance)