Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system.
History

Tue, 21 Jan 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Webtrees
Webtrees webtrees
Weaknesses CWE-22
CPEs cpe:2.3:a:webtrees:webtrees:2.1.18:*:*:*:*:*:*:*
Vendors & Products Webtrees
Webtrees webtrees

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-01T22:51:11.012Z

Reserved: 2024-01-11T00:00:00

Link: CVE-2024-22723

cve-icon Vulnrichment

Updated: 2024-08-01T22:51:11.012Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-28T06:15:49.827

Modified: 2025-01-21T18:31:46.820

Link: CVE-2024-22723

cve-icon Redhat

No data.