Path Traversal Vulnerability Affects MH Board
CVE-2024-44017

7.5HIGH

Key Information:

Vendor
WordPress
Status
Vendor
CVE Published:
2 October 2024

Summary

A vulnerability exists in MH Board developed by MinHyeong Lim, specifically a Path Traversal issue that enables PHP Local File Inclusion. This security flaw can allow unauthorized access to sensitive files on the server by exploiting improper limitations of a pathname to a restricted directory. The issue is present in various versions of MH Board up to 1.3.2.1, making it a significant concern for system administrators and users of this product.

Affected Version(s)

MH Board <= 1.3.2.1

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

tahu.datar (Patchstack Alliance)
.