How severe is CVE-2024-2318?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-2318?

This is classified as CWE-24, which is a common weakness in software security.

CVE-2024-2318

HIGH Year: 2024

CVSS v3 Score

7.5

High

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-24

View all →

Vulnerability Description

A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2014-125033

HIGH

CVSS:7.5(High)

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipula...

CWE-242014

CVE-2018-25094

HIGH

CVSS:7.5(High)

A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/de...

CWE-242018

CVE-2019-25087

HIGH

CVSS:7.5(High)

A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler....

CWE-242019

CVE-2020-9708

HIGH

CVSS:7.5(High)

The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access o...

CWE-242020

CVE-2021-29466

HIGH

CVSS:7.5(High)

Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information...

CWE-242021

CVE-2023-3239

HIGH

CVSS:7.5(High)

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Affected is an unknown function of the file admin/readDeal.php?mudi=readQrCode. The manipulation of the argument im...

CWE-242023

CVE-2024-2318

Vulnerability Description

Related Vulnerabilities

CVE-2014-125033

CVE-2018-25094

CVE-2019-25087

CVE-2020-9708

CVE-2021-29466

CVE-2023-3239