Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server.
Fixes

Solution

Contact the vendor to install the patch.


Workaround

No workaround given by the vendor.

History

Thu, 24 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
CPEs cpe:2.3:a:wellchoose:administrative_management_system:-:*:*:*:*:*:*:*

Mon, 21 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Wellchoose
Wellchoose administrative Management System
CPEs cpe:2.3:a:wellchoose:administrative_management_system:*:*:*:*:*:*:*:*
Vendors & Products Wellchoose
Wellchoose administrative Management System
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 21 Oct 2024 03:30:00 +0000

Type Values Removed Values Added
Description Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server.
Title Wellchoose Administrative Management System - Arbitrary File Read through Path Traversal
Weaknesses CWE-23
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2024-10-21T13:14:51.746Z

Reserved: 2024-10-21T02:32:48.152Z

Link: CVE-2024-10200

cve-icon Vulnrichment

Updated: 2024-10-21T13:14:47.413Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-21T04:15:02.513

Modified: 2024-10-24T13:57:28.357

Link: CVE-2024-10200

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.