Lucene search

PatchstackCVE-2024-39624

HistoryAug 01, 2024 - 9:15 p.m.

CVE-2024-39624

2024-08-0121:15:29

CWE-22

Patchstack

web.nvd.nist.gov

cve-2024-39624

path traversal

cridiostudio listingpro

php local file inclusion

vulnerability

directory restriction

listingpro 2.9.3

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

Percentile

11.0%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in CridioStudio ListingPro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through 2.9.3.

Affected configurations

Vulners

Vulnrichment

Node

cridiostudiolistingproRange≤2.9.3

VendorProductVersionCPE
cridiostudiolistingpro*cpe:2.3:a:cridiostudio:listingpro:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cridiostudio	listingpro	*	cpe:2.3:a:cridiostudio:listingpro::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ListingPro",
    "vendor": "CridioStudio",
    "versions": [
      {
        "lessThanOrEqual": "2.9.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/listingpro/wordpress-listingpro-theme-2-9-3-local-file-inclusion-vulnerability?_s_id=cve

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

Percentile

11.0%

JSON

Related for CVE-2024-39624