CVE-2024-40422

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-22
View all →

Vulnerability Description

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.

Related Vulnerabilities

CVE-2012-6664

CRITICAL
CVSS:9.1(Critical)

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get ...

CWE-222012

CVE-2014-10390

CRITICAL
CVSS:9.1(Critical)

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.

CWE-222014

CVE-2014-3702

CRITICAL
CVSS:9.1(Critical)

Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot ...

CWE-222014

CVE-2015-4068

CRITICAL
CVSS:9.1(Critical)

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFile...

CWE-222015

CVE-2015-5609

CRITICAL
CVSS:9.1(Critical)

Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.

CWE-222015

CVE-2015-9277

CRITICAL
CVSS:9.1(Critical)

MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.

CWE-222015