We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Bugpilot (Bug tracking)

Ok

THREATINT CVE Home CVE Diag Help
PUBLISHED

CVE-2024-3218

Shibang Communications IP Network Intercom Broadcasting System busyscreenshotpush.php path traversal

Reserved:2024-04-02
Published:2024-04-02
Updated:2024-04-02

Description

EN DE

A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. This affects an unknown part of the file /php/busyscreenshotpush.php. The manipulation of the argument jsondata[callee]/jsondata[imagename] leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259065 was assigned to this vulnerability.

Es wurde eine Schwachstelle in Shibang Communications IP Network Intercom Broadcasting System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /php/busyscreenshotpush.php. Durch Manipulation des Arguments jsondata[callee]/jsondata[imagename] mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.



MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
MEDIUM: 5.4CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.5AV:N/AC:L/Au:S/C:N/I:P/A:P (CVSS 2.0)

Problem types

CWE-24 Path Traversal: '../filedir'

Product status

1.0
affected

Timeline

2024-04-02:Advisory disclosed
2024-04-02:VulDB entry created
2024-04-02:VulDB entry last update

Credits

Guo Jiabao (VulDB User) reporter

References

https://vuldb.com/?id.259065 (VDB-259065 | Shibang Communications IP Network Intercom Broadcasting System busyscreenshotpush.php path traversal) vdb-entry technical-description

https://vuldb.com/?ctiid.259065 (VDB-259065 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

https://vuldb.com/?submit.308510 (Submit #308510 | Shibang Communications Co., Ltd. IP network intercom broadcasting system v1.0 Write any file) third-party-advisory

https://github.com/garboa/cve_3/blob/main/file_put_content.md exploit

cve.org CVE-2024-3218

nvd.nist.gov CVE-2024-3218

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3218