Lucene search

MitreVULNRICHMENT:CVE-2024-39171

HistoryJul 09, 2024 - 12:00 a.m.

CVE-2024-39171

2024-07-0900:00:00

mitre

github.com

directory travel

phpvibe v11.0.46

incomplete blacklist checksums

code execution

.htaccess

.png suffix

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

51.8%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:phpvibe:phpvibe:11.0.3:*:*:*:*:*:*:*"
    ],
    "vendor": "phpvibe",
    "product": "phpvibe",
    "versions": [
      {
        "status": "affected",
        "version": "11.0.3",
        "versionType": "custom",
        "lessThanOrEqual": "11.0.46"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

phpvibe.com

github.com/751897386/PHPVibe_vulnerability_Directory-Traversal