Impact
A directory traversal flaw in the api/plugin.php component of Bludit allows an attacker to craft requests that resolve file paths outside the intended directory, providing unauthorized read access to files stored outside the web root. The weakness is classified as CWE‑22 and is quantified with a CVSS score of 9.8, indicating critical risk to confidentiality.
Affected Systems
Bludit version 3.19.0 is explicitly affected by this directory traversal issue in api/plugin.php; no other releases or products were cited as impacted in the CVE data.
Risk and Exploitability
Based on the description, it is inferred that a remote attacker can trigger the traversal by sending a specially crafted HTTP request to the vulnerable endpoint. The EPSS score of less than 1% suggests that exploitation attempts are currently rare and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the high CVSS rating and the potential for arbitrary file reads maintain a significant risk that warrants swift action.
OpenCVE Enrichment