Platform
other
Component
administrative-management-system
Fixed in
0.0.1
CVE-2024-10200 describes a Path Traversal vulnerability discovered in the Wellchoose Administrative Management System. This flaw allows unauthenticated attackers to download arbitrary files from the server, potentially exposing sensitive data and system configurations. The vulnerability affects versions 0–0, and a fix is available in version 0.0.1.
The Path Traversal vulnerability in Wellchoose Administrative Management System poses a significant risk to data confidentiality. An attacker exploiting this flaw can bypass access controls and directly request files from the server's file system. This could include configuration files containing database credentials, source code, or other sensitive information. Successful exploitation could lead to complete compromise of the server and its data. The lack of authentication required for exploitation expands the potential attack surface, making the system vulnerable to a wide range of attackers.
CVE-2024-10200 was publicly disclosed on 2024-10-21. The vulnerability's simplicity and lack of authentication requirements suggest a potentially high probability of exploitation (EPSS score likely medium to high). No public proof-of-concept exploits have been observed as of this writing, but the ease of exploitation makes it a likely target for opportunistic attackers. Refer to the Wellchoose advisory for further details.
Organizations utilizing the Wellchoose Administrative Management System in their environments, particularly those with publicly accessible instances or those lacking robust access controls, are at risk. Shared hosting environments where multiple users share the same server are also particularly vulnerable.
Disclosure
Exploit status
EPSS
0.74% (73rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-10200 is to immediately upgrade the Wellchoose Administrative Management System to version 0.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file access permissions on the server and implementing strict input validation to prevent path manipulation. While a WAF might offer some protection, it’s not a substitute for patching. Verify the upgrade by attempting to access a restricted file via the vulnerable endpoint after applying the patch; access should be denied.
Update the Administrative Management System to a patched version that fixes the Path Traversal vulnerability. If no update is available, contact the vendor (Wellchoose) for a patch or a workaround. As a temporary measure, restrict access to sensitive files on the server and monitor the server logs for suspicious activity.
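The two vendor-neutral mitigations named above (strict validation of the requested path, and monitoring server logs for suspicious activity) as an added Python example that is not part of this advisory and is not Wellchoose's code: a hypothetical file-download resolver written the way path-traversal bugs usually arise, next to a hardened version that canonicalises the path and checks it stays under the document root, and a small detector run over constructed access-log lines. Every function name, the throwaway directory layout and the log entries are assumptions made up for the example.

```python
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import unquote

# --- 1. The vulnerable pattern (hypothetical, not the product's code) -----
# The client-supplied name is joined to the document root with no check, so
# "../" segments walk out of the intended directory, and an absolute path
# makes os.path.join discard the root entirely.
def unsafe_download_path(base_dir: str, requested: str) -> str:
    return os.path.normpath(os.path.join(base_dir, requested))


# --- 2. The hardened resolver ---------------------------------------------
def safe_download_path(base_dir, requested: str) -> Path:
    """Resolve a client-supplied file name strictly inside base_dir.

    Raises ValueError when the name is empty, contains NUL, is absolute,
    canonicalises (symlinks included) to a location outside base_dir, or
    does not point at a regular file.
    """
    base = Path(base_dir).resolve()
    if not requested or "\x00" in requested:
        raise ValueError("empty or NUL-containing file name")
    if Path(requested).is_absolute():
        raise ValueError("absolute paths are not allowed")
    # resolve() collapses '..' segments AND follows symlinks, so the
    # containment check below is made on the real on-disk location.
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path traversal rejected: {requested!r}") from None
    if not candidate.is_file():
        raise ValueError("not a regular file")
    return candidate


def demo_resolver() -> dict:
    """Build a throwaway document root (constructed fixture) and run a few
    requests through the hardened resolver; returns 'allowed' or 'rejected'
    per request."""
    root = Path(tempfile.mkdtemp())
    docs = root / "docs"
    docs.mkdir()
    (docs / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
    (root / "app.ini").write_text("db_password=constructed-sample\n")
    outcomes = {}
    for req in ("report.pdf", "../app.ini", "/etc/hostname", "missing.pdf"):
        try:
            safe_download_path(docs, req)
            outcomes[req] = "allowed"
        except ValueError:
            outcomes[req] = "rejected"
    return outcomes


# --- 3. Detection over access logs ---------------------------------------
# Constructed lines in combined log format; IPs, timestamps and paths are
# invented for this example.
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Oct/2024:10:00:01 +0000] "GET /download?file=report.pdf HTTP/1.1" 200 5120',
    '10.0.0.9 - - [21/Oct/2024:10:00:07 +0000] "GET /download?file=../../app/config.ini HTTP/1.1" 200 1814',
    '10.0.0.9 - - [21/Oct/2024:10:00:09 +0000] "GET /download?file=..%2F..%2Fapp%2Fconfig.ini HTTP/1.1" 200 311',
    '10.0.0.7 - - [21/Oct/2024:10:00:12 +0000] "GET /static/app.css HTTP/1.1" 200 2200',
]

TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def flag_traversal_requests(log_lines) -> list:
    """Return the 1-based line numbers whose request contains a '../' or
    '..\\' segment, plain or URL-encoded (decoded twice so that
    double-encoded sequences are caught as well)."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        decoded = unquote(unquote(line))
        if TRAVERSAL_RE.search(decoded):
            hits.append(n)
    return hits


if __name__ == "__main__":
    print(unsafe_download_path("/srv/docs", "../app.ini"))  # escapes to /srv/app.ini
    print(demo_resolver())
    print(flag_traversal_requests(SAMPLE_LOG))
```

The containment check deliberately runs after `resolve()` rather than on the raw string: a prefix test on the unresolved string misses symlinks inside the document root and is easily fooled by a sibling directory whose name merely starts with the root's name. The log detector is only a coarse first signal; in production it should run on the decoded request path that the web server actually served, and a hit on a 200 response (as in the constructed lines above) is what should be triaged first.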
CVE-2024-10200 is a vulnerability allowing unauthenticated attackers to download arbitrary files from a Wellchoose Administrative Management System server due to insufficient input validation.
If you are using Wellchoose Administrative Management System versions 0–0, you are affected by this vulnerability. Upgrade to version 0.0.1 or later to mitigate the risk.
The recommended fix is to upgrade to version 0.0.1 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file access and using a WAF.
As of the current date, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and easily exploitable.
Please refer to the Wellchoose official website or security advisory channels for the latest information and updates regarding CVE-2024-10200.