How severe is CVE-2024-6746?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-6746?

This is classified as CWE-24, which is a common weakness in software security.

CVE-2024-6746

MEDIUM Year: 2024

CVSS v3 Score

8.8

High

CVSS v2 Score

3.3

Low

Weakness Type

CWE-24

View all →

Vulnerability Description

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier VDB-271477 was assigned to this vulnerability. NOTE: The code maintainer explains, that this is not a big issue "because the default is that the software runs locally without going through the Internet".

CVE-2021-33036

HIGH

CVSS:8.8(High)

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade...

CWE-242021

CVE-2023-1398

HIGH

CVSS:8.8(High)

A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversa...

CWE-242023

CVE-2020-7882

CRITICAL

CVSS:9.1(Critical)

Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal charact...

CWE-242020

CVE-2023-6900

CRITICAL

CVSS:9.1(Critical)

A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipula...

CWE-242023

CVE-2023-1800

CRITICAL

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Uplo...

CWE-242023

CVE-2023-3056

CRITICAL

CVSS:9.8(Critical)

A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: '../filedi...

CWE-242023

CVE-2024-6746

Vulnerability Description

Related Vulnerabilities

CVE-2021-33036

CVE-2023-1398

CVE-2020-7882

CVE-2023-6900

CVE-2023-1800

CVE-2023-3056