CVE-2024-8875

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-8875

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8875.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-8875

Published

2024-09-15T22:15:09.887Z

Modified

2025-11-16T12:07:28.872536Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/vedees/wcms

Affected ranges

Type: GIT
Repo: https://github.com/vedees/wcms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ae9b65e011d8a1a92350db7830c11df3ea97a6f7

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.6.1

0.0.7

0.0.8

0.0.9

0.1.0

0.1.1

0.1.2

0.1.2.1

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.2.0

0.2.1

0.2.2

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

0.3.0

0.3.1

1.*

1.1.3