Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system.
Metrics
Affected Vendors & Products
References
History
Tue, 21 Jan 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Webtrees
Webtrees webtrees |
|
Weaknesses | CWE-22 | |
CPEs | cpe:2.3:a:webtrees:webtrees:2.1.18:*:*:*:*:*:*:* | |
Vendors & Products |
Webtrees
Webtrees webtrees |

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-01T22:51:11.012Z
Reserved: 2024-01-11T00:00:00
Link: CVE-2024-22723

Updated: 2024-08-01T22:51:11.012Z

Status : Analyzed
Published: 2024-02-28T06:15:49.827
Modified: 2025-01-21T18:31:46.820
Link: CVE-2024-22723

No data.