Directory Traversal in lsgwr Spring Boot Exam v0.9 via FileTransUtil.java
CVE-2024-29466 Published on April 30, 2024

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.

NVD

Vulnerability Analysis

CVE-2024-29466 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Path Traversal: '/dir/../filename'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.

Exploit Probability

EPSS

0.84%

Percentile

75.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Directory Traversal in lsgwr Spring Boot Exam v0.9 via FileTransUtil.javaCVE-2024-29466 Published on April 30, 2024

Vulnerability Analysis

Weakness Type

Path Traversal: '/dir/../filename'

Exploit Probability

Directory Traversal in lsgwr Spring Boot Exam v0.9 via FileTransUtil.java
CVE-2024-29466 Published on April 30, 2024