Lucene search

PatchstackCVE-2024-43248

HistoryAug 19, 2024 - 6:15 p.m.

CVE-2024-43248

2024-08-1918:15:11

CWE-22

Patchstack

web.nvd.nist.gov

vulnerability

path traversal

bit form pro

file manipulation

security issue

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

18.7%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Bit Apps Bit Form Pro allows File Manipulation.This issue affects Bit Form Pro: from n/a through 2.6.4.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

bitappsbit_formRange≤2.6.4prowordpress

VendorProductVersionCPE
bitappsbit_form*cpe:2.3:a:bitapps:bit_form:*:*:*:*:pro:wordpress:*:*

Vendor	Product	Version	CPE
bitapps	bit_form	*	cpe:2.3:a:bitapps:bit_form:::::pro:wordpress::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Bit Form Pro",
    "vendor": "Bit Apps",
    "versions": [
      {
        "lessThanOrEqual": "2.6.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

18.7%

JSON

Related for CVE-2024-43248