CVE-2024-45178

HIGH 7.1

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

0th

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, due to insufficient user input validation. For instance, the download functionality for backups provided by the script download-bkf.pml is vulnerable to a path traversal attack via the parameter bkf. This enables an authenticated user to download arbitrary files as Linux user www-data from the C-MOR system. Another path traversal attack is in the script show-movies.pml, which can be exploited via the parameter cam.

Vendor	n/a
Product	n/a
Published	Sep 5, 2024
Last Updated	Sep 6, 2024

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new high vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

syss.de: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-025.txt syss.de: https://www.syss.de/pentest-blog/mehrere-sicherheitsschwachstellen-in-videoueberwachungssoftware-c-mor-syss-2024-020-bis-030 seclists.org: http://seclists.org/fulldisclosure/2024/Sep/18