CVE-2024-8409

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-8409

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8409.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-8409

Published

2024-09-04T15:15:14.980Z

Modified

2025-11-20T12:32:02.824657Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The manipulation of the argument image leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/abcd-devcom/abcd2

Affected ranges

Type: GIT
Repo: https://github.com/abcd-devcom/abcd2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

689cc1998cab4e6318012d511c2a49801e06a632

Affected versions

v2.*

v2.2.0-alpha

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8409.json"