CVE-2024-45241

Sažetak

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.

Reference

https://daly.wtf/cve-2024-45241-path-traversal-in-centralsquare-crywolf/
https://github.com/d4lyw/CVE-2024-45241/
https://www.centralsquare.com/solutions/public-safety-software/public-safety-agency-operations/crywolf-false-alarm-management-solution

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

26-08-2024 - 16:35

Objavljeno

26-08-2024 - 07:15