PandaXGO PandaX up to 20240310 upload.go DeleteImage fileName path traversal

EntryHistoryjsonxmlCTI

A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: '../filedir'. Using CWE to declare the problem leads to CWE-24. The weakness was disclosed 03/16/2024. The advisory is available at github.com. This vulnerability was named CVE-2024-2563. The attack can be initiated remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1006 by the MITRE ATT&CK project. It is declared as proof-of-concept. It is possible to download the exploit at github.com. As 0-day the estimated underground price was around $0-$5k. The bugfix is ready for download at github.com. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	03/16/2024 08:15	05/01/2024 13:03	05/01/2024 13:11
vendor	PandaXGO	PandaXGO	PandaXGO
name	PandaX	PandaX	PandaX
version	<=20240310	<=20240310	<=20240310
file	/apps/system/router/upload.go	/apps/system/router/upload.go	/apps/system/router/upload.go
function	DeleteImage	DeleteImage	DeleteImage
argument	fileName	fileName	fileName
input_value	../../../../../../../../../tmp/1.txt	../../../../../../../../../tmp/1.txt	../../../../../../../../../tmp/1.txt
cwe	24 (path traversal)	24 (path traversal)	24 (path traversal)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://github.com/PandaXGO/PandaX/pull/3	https://github.com/PandaXGO/PandaX/pull/3	https://github.com/PandaXGO/PandaX/pull/3
availability	1	1	1
publicity	1	1	1
url	https://github.com/PandaXGO/PandaX/pull/3	https://github.com/PandaXGO/PandaX/pull/3	https://github.com/PandaXGO/PandaX/pull/3
cve	CVE-2024-2563	CVE-2024-2563	CVE-2024-2563
responsible	VulDB	VulDB	VulDB
date	1710543600 (03/16/2024)	1710543600 (03/16/2024)	1710543600 (03/16/2024)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	5.5	5.5	5.5
cvss2_vuldb_tempscore	4.7	4.7	4.7
cvss3_vuldb_basescore	5.4	5.4	5.4
cvss3_vuldb_tempscore	4.9	4.9	4.9
cvss3_meta_basescore	5.4	5.4	5.4
cvss3_meta_tempscore	4.9	4.9	5.1
price_0day	$0-$5k	$0-$5k	$0-$5k
patch_url		https://github.com/PandaXGO/PandaX/pull/3	https://github.com/PandaXGO/PandaX/pull/3
cve_assigned		1710543600 (03/16/2024)	1710543600 (03/16/2024)
cve_nvd_summary		A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257062 is the identifier assigned to this vulnerability.	A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257062 is the identifier assigned to this vulnerability.
cvss4_vuldb_av		N	N
cvss4_vuldb_ac		L	L
cvss4_vuldb_pr		L	L
cvss4_vuldb_ui		N	N
cvss4_vuldb_vc		N	N
cvss4_vuldb_vi		L	L
cvss4_vuldb_va		L	L
cvss4_vuldb_e		P	P
cvss4_vuldb_at		N	N
cvss4_vuldb_sc		N	N
cvss4_vuldb_si		N	N
cvss4_vuldb_sa		N	N
cvss4_vuldb_bscore		5.3	5.3
cvss4_vuldb_btscore		2.1	2.1
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.5
cvss3_cna_basescore			5.4

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!