CVE-2024-6746

MEDIUM EPSS 87.1%
Published Jul 15, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
5.3 CVSS 4.0
Medium

Description

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. It affects an unknown functionality of the file \EasySpider\resources\app\server.js in the HTTP GET Request Handler component. Manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack must be launched from within the local network. The exploit has been disclosed to the public and may be used. The identifier VDB-271477 was assigned to this vulnerability. NOTE: The code maintainer explains that this is not a big issue "because the default is that the software runs locally without going through the Internet".
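
A containment check of the kind that stops this class of traversal in a Node.js file handler, as an added example (not EasySpider's code and not part of the advisory). The document root `C:\EasySpider\resources\app\public` and the name `resolveInsideRoot` are hypothetical; `path.win32` is used so Windows path rules apply on any platform.

```javascript
'use strict';
const path = require('path').win32; // Windows path rules, matching the affected platform

// Hypothetical document root; the real server.js layout is not shown on this page.
const ROOT = 'C:\\EasySpider\\resources\\app\\public';

// Map a request URL path to a file under root, or return null if it would escape.
function resolveInsideRoot(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath.split('?')[0]); // drop query, undo %xx
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL bytes never belong in a file name

  const rel = decoded.replace(/^[\\/]+/, ''); // always treat as relative to root
  const base = path.resolve(root);
  const full = path.resolve(base, rel); // collapses every "." and ".." segment

  // Decide on the normalized result, not on the raw string: the path from
  // base to full must not climb upward or land on another drive.
  const back = path.relative(base, full);
  const escapes =
    back === '..' || back.startsWith('..' + path.sep) || path.isAbsolute(back);
  return escapes ? null : full;
}

// Constructed sample requests; the second is the input quoted in the description.
const SAMPLES = [
  '/index.html',
  '/../../../../../../../../../Windows/win.ini',
  '/..%5c..%5cWindows%5cwin.ini',
  '/css/../index.html',
];
for (const s of SAMPLES) {
  const hit = resolveInsideRoot(ROOT, s);
  console.log(hit === null ? 'REJECT' : 'SERVE ', s, hit === null ? '' : '-> ' + hit);
}
```

A handler would answer a `null` result with 403 or 404 and open only the returned path.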

CVSS Details

Base Score
5.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
87.1% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-22 Path Traversal Resource Mgmt
CWE-24

Affected Products 2

Vendor      Product     Version  Range
easyspider  easyspider  0.6.2    any
microsoft   windows     *        any

References 4

  • github.com https://github.com/NaiboWang/EasySpider/issues/466
    Exploit, Issue Tracking
  • vuldb.com https://vuldb.com/?ctiid.271477
    Permissions Required
  • vuldb.com https://vuldb.com/?id.271477
    Third Party Advisory, VDB Entry
  • vuldb.com https://vuldb.com/?submit.371998
    Third Party Advisory, VDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.