Platform: other
Component: administrative-management-system
Fixed in: 0.0.1
CVE-2024-10200 describes a Path Traversal vulnerability discovered in the Wellchoose Administrative Management System. This flaw allows unauthenticated attackers to download arbitrary files from the server, potentially exposing sensitive data and system configurations. The vulnerability affects versions 0–0, and a fix is available in version 0.0.1.
The Path Traversal vulnerability in Wellchoose Administrative Management System poses a significant risk to data confidentiality. An attacker exploiting this vulnerability can bypass access controls and retrieve any file accessible to the web server process. This includes configuration files, database backups, source code, and potentially user data. Successful exploitation could lead to complete compromise of the server and its associated data. The lack of authentication required for exploitation broadens the attack surface, making it accessible to a wide range of threat actors.
CVE-2024-10200 was publicly disclosed on 2024-10-21. Currently, there are no known public proof-of-concept exploits available. The EPSS score is pending evaluation. It is recommended to prioritize patching due to the ease of exploitation and potential impact.
EPSS: 0.74% (73rd percentile)
The primary mitigation for CVE-2024-10200 is to immediately upgrade the Wellchoose Administrative Management System to version 0.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file access permissions on the server and implementing strict input validation to prevent path manipulation. Web application firewalls (WAFs) configured with rules to block path traversal attempts can also provide a layer of defense. Monitor server logs for suspicious file access patterns.
Update the Administrative Management System to a patched version that addresses the Path Traversal vulnerability. If no update is available, contact the vendor (Wellchoose) for a patch or alternative solution. As a temporary measure, restrict access to sensitive server files and monitor server logs for suspicious activity.
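The two workarounds above, strict validation of the requested file name and monitoring logs for traversal attempts, are shown in this added example. It is not Wellchoose code: the download endpoint, the helper names and the log lines are constructed assumptions about how such a file-download feature might be hardened.

```python
import os
import re
import tempfile
from urllib.parse import unquote

# Hypothetical helper for a file-download endpoint (not Wellchoose code):
# resolve the requested name inside a fixed base directory and refuse
# anything that would be served from outside it.
def safe_download_path(base_dir: str, requested: str):
    """Return the canonical path to serve, or None if the request must be rejected."""
    # Decode twice so double-encoded sequences such as %252e%252e do not slip through.
    name = unquote(unquote(requested))
    # NUL bytes and backslashes are never legitimate in a file name here.
    if "\x00" in name or "\\" in name:
        return None
    base = os.path.realpath(base_dir)
    # Strip a leading slash so join() cannot be redirected to an absolute path,
    # then canonicalise: realpath collapses "..", "." and symlinks.
    candidate = os.path.realpath(os.path.join(base, name.lstrip("/")))
    # The served file must lie strictly inside base_dir and be a regular file.
    if os.path.commonpath([base, candidate]) != base or not os.path.isfile(candidate):
        return None
    return candidate

# Sequences worth alerting on in access logs: raw, URL-encoded and double-encoded "..".
TRAVERSAL_RE = re.compile(r"\.\.[/\\]|\.\.%2f|%2e%2e(%2f|/)|%252e%252e", re.IGNORECASE)

def flag_traversal_requests(log_lines):
    """Return the log lines whose request contains a traversal sequence."""
    return [line for line in log_lines if TRAVERSAL_RE.search(line)]

SAMPLE_LOG = [  # constructed access-log lines, not real traffic
    '10.0.0.5 - - [21/Oct/2024:10:00:01] "GET /download?file=report.txt HTTP/1.1" 200',
    '10.0.0.9 - - [21/Oct/2024:10:00:02] "GET /download?file=../../etc/passwd HTTP/1.1" 200',
    '10.0.0.9 - - [21/Oct/2024:10:00:03] "GET /download?file=%2e%2e%2f%2e%2e%2fweb.config HTTP/1.1" 200',
]

def demo():
    """Build a throwaway directory tree and exercise the check on constructed inputs."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "public")
    os.makedirs(base)
    open(os.path.join(base, "report.txt"), "w").close()   # the only file meant to be served
    open(os.path.join(root, "secret.cfg"), "w").close()   # sits one level above base_dir
    requests = ["report.txt", "sub/../report.txt", "../secret.cfg", "..%2Fsecret.cfg",
                "%252e%252e/secret.cfg", "/etc/hostname"]
    return {r: safe_download_path(base, r) is not None for r in requests}

if __name__ == "__main__":
    print(demo(), flag_traversal_requests(SAMPLE_LOG), sep="\n")
```

Only the first two requests in `demo()` are accepted; every form of escaping the base directory is rejected, and the log filter flags the two encoded and unencoded traversal requests.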
CVE-2024-10200 is a vulnerability allowing unauthenticated attackers to download arbitrary files from a Wellchoose Administrative Management System server due to insufficient input validation.
If you are using Wellchoose Administrative Management System versions 0–0, you are affected by this vulnerability. Upgrade to version 0.0.1 or later to mitigate the risk.
The recommended fix is to upgrade to version 0.0.1 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file access and using a WAF.
As of the current date, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and easily exploitable.
Please refer to the Wellchoose official website or security advisory channels for the latest information and updates regarding CVE-2024-10200.