CVE-2024-41938

MEDIUM Year: 2024
CVSS v3 Score
3.8
Low
Weakness Type
CWE-22
View all →

Vulnerability Description

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.

Related Vulnerabilities

CVE-2021-24242

LOW
CVSS:3.8(Low)

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plu...

CWE-222021

CVE-2022-27621

LOW
CVSS:3.8(Low)

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or wri...

CWE-222022

CVE-2023-41044

LOW
CVSS:3.8(Low)

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation ...

CWE-222023

CVE-2024-8694

MEDIUM
CVSS:3.8(Low)

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.adm...

CWE-222024

CVE-2025-27397

MEDIUM
CVSS:3.8(Low)

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from wher...

CWE-222025

CVE-2025-27566

MEDIUM
CVSS:3.8(Low)

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploit...

CWE-222025