Path Traversal Vulnerability in Elunez Eladmin Database Management
CVE-2024-7458

9.8CRITICAL

Key Information:

Vendor

Elunez

Status
Eladmin
Vendor
CVE Published:
4 August 2024

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2024-7458?

A critical path traversal vulnerability has been identified in Elunez Eladmin, specifically affecting versions up to 2.7 within its Database Management and Deployment Management components. By manipulating the upload functionality of the API, an attacker may exploit this vulnerability to access arbitrary files on the server. The attack leverages a crafted file argument to traverse directories using patterns such as 'dir/../../filename', which could expose sensitive information or system files. Given the potential impact of this exploit, it is crucial for affected users to implement security measures, such as updating to the latest version of the software, to mitigate the risk of unauthorized access.

Affected Version(s)

eladmin 2.0

eladmin 2.1

eladmin 2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7458 - Proof of Concept

References

https://vuldb.com/?id.273551
vdb-entrytechnical-description
https://vuldb.com/?ctiid.273551
signaturepermissions-required
https://vuldb.com/?submit.380498
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

nerowander (VulDB User)
nerowander (VulDB User)
.