CVE-2024-6949
Published: 21 July 2024
Summary
CVE-2024-6949 is a medium-severity Path Traversal (CWE-22) vulnerability in Gargaj Wuhu. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 39.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47935
Vulnerability details
A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected by this vulnerability is an unknown functionality of the file /pages.php?edit=News. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has…
more
been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-272071.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal vulnerability (CWE-22) in public-facing web application (/pages.php) enables exploitation of public-facing apps (T1190), arbitrary file reads from local system (T1005), file/directory discovery (T1083), and direct volume access (T1006 as mapped in advisory).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.