CVE-2024-3737

Summary

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576.

Affected Software

VendorProductVersion RangeStatus
cym1102nginxWebUI3.9.0affected
cym1102nginxWebUI3.9.1affected
cym1102nginxWebUI3.9.2affected
cym1102nginxWebUI3.9.3affected
cym1102nginxWebUI3.9.4affected
cym1102nginxWebUI3.9.5affected
cym1102nginxWebUI3.9.6affected
cym1102nginxWebUI3.9.7affected
cym1102nginxWebUI3.9.8affected
cym1102nginxWebUI3.9.9affected

Weaknesses

  • CWE-22: CWE-22 Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References