CVE-2024-10200 · Severity: HIGH · CVSS 7.5

Wellchoose Administrative Management System - Arbitrary File Read via Path Traversal

Platform: other
Component: administrative-management-system
Fixed in: 0.0.1

AI Confidence: high · NVD · EPSS 0.7% · Reviewed: May 2026

CVE-2024-10200 describes a Path Traversal vulnerability discovered in the Wellchoose Administrative Management System. This flaw allows unauthenticated attackers to download arbitrary files from the server, potentially exposing sensitive data and system configurations. The vulnerability affects versions 0–0, and a fix is available in version 0.0.1.

Impact and Attack Scenarios

The Path Traversal vulnerability in Wellchoose Administrative Management System poses a significant risk to data confidentiality. An attacker exploiting this vulnerability can bypass access controls and retrieve any file accessible to the web server process. This includes configuration files, database backups, source code, and potentially user data. Successful exploitation could lead to complete compromise of the server and its associated data. The lack of authentication required for exploitation broadens the attack surface, making it accessible to a wide range of threat actors.

Exploitation Context

CVE-2024-10200 was publicly disclosed on 2024-10-21. Currently, there are no known public proof-of-concept exploits available. The EPSS score is pending evaluation. It is recommended to prioritize patching due to the ease of exploitation and potential impact.

Who Is at Risk

Organizations utilizing the Wellchoose Administrative Management System in their environments, particularly those with publicly accessible instances or those lacking robust access controls, are at risk. Shared hosting environments where multiple users share the same server are also particularly vulnerable.

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet exposure: High

EPSS

0.74% (73rd percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical Impact: partial

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (base score 7.5, HIGH)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level required for the attack)
User Interaction: None (whether the victim must take action)
Scope: Unchanged (impact beyond the affected component)
Confidentiality: High (risk of exposure of sensitive data)
Integrity: None (risk of unauthorized data modification)
Availability: None (risk of service disruption)

Source: nextguardhq.com, CVSS v3.1 base score
What do these metrics mean?
Attack Vector
Network: remotely exploitable over the internet. No physical or local access required.
Attack Complexity
Low: no special conditions required. Reliably exploitable.
Privileges Required
None: no authentication required to exploit.
User Interaction
None: the attack is automatic and silent. The victim does nothing.
Scope
Unchanged: impact is limited to the vulnerable component.
Confidentiality
High: total loss of confidentiality. An attacker can read all data.
Integrity
None: no integrity impact.
Availability
None: no availability impact.

Affected Software

Component: administrative-management-system
Vendor: Wellchoose
Affected range: 0 – 0
Fixed in: 0.0.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2024-10200 is to immediately upgrade the Wellchoose Administrative Management System to version 0.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file access permissions on the server and implementing strict input validation to prevent path manipulation. Web application firewalls (WAFs) configured with rules to block path traversal attempts can also provide a layer of defense. Monitor server logs for suspicious file access patterns.

How to Fix

Update the Administrative Management System to a patched version that fixes the Path Traversal vulnerability. If no update is available, contact the vendor (Wellchoose) for a patch or a workaround. As a temporary measure, restrict access to sensitive files on the server and monitor the server logs for suspicious activity.
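
The log monitoring recommended in the mitigation and fix sections above can be done with a script like the following. This is an added example, not code from the advisory or from Wellchoose: it percent-decodes each request target repeatedly and flags `..` path segments, marking requests the server actually answered with content. The Common Log Format, the `/download` endpoint and the `file` parameter are assumptions, since the advisory does not name the vulnerable endpoint.

```python
import re
from urllib.parse import unquote

# Common Log Format (assumed): ip, ident, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." segment: preceded by a path/query delimiter, followed by a separator or the end.
DOTDOT_RE = re.compile(r'(?:^|[/\\=?&])\.\.(?:[/\\]|$)')

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return one finding per request whose decoded target contains a '..' segment."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        if DOTDOT_RE.search(fully_decode(m["target"])):
            findings.append({
                "ip": m["ip"],
                "target": m["target"],
                "status": int(m["status"]),
                # A 2xx status means content was returned: triage these first.
                "served": m["status"].startswith("2"),
            })
    return findings

# Constructed sample lines; endpoint, parameter and file names are hypothetical.
SAMPLE = [
    '198.51.100.7 - - [21/Oct/2024:10:00:01 +0000] "GET /download?file=report.pdf HTTP/1.1" 200 5120',
    '198.51.100.9 - - [21/Oct/2024:10:00:05 +0000] "GET /download?file=../../conf/settings.ini HTTP/1.1" 200 1843',
    '198.51.100.9 - - [21/Oct/2024:10:00:06 +0000] "GET /download?file=%2e%2e%2f%2e%2e%2fconf%2fsettings.ini HTTP/1.1" 404 210',
    '198.51.100.9 - - [21/Oct/2024:10:00:07 +0000] "GET /download?file=%252e%252e%255cconf%255csettings.ini HTTP/1.1" 403 199',
    '198.51.100.7 - - [21/Oct/2024:10:00:09 +0000] "GET /download?file=notes..v2.txt HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```

Findings with `served` set to true are the ones to investigate for data exposure; the file name `notes..v2.txt` is not flagged because its dots are not a standalone path segment.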


Frequently Asked Questions

What is CVE-2024-10200 — Path Traversal in Wellchoose Administrative Management System?

CVE-2024-10200 is a vulnerability allowing unauthenticated attackers to download arbitrary files from a Wellchoose Administrative Management System server due to insufficient input validation.

Am I affected by CVE-2024-10200 in Wellchoose Administrative Management System?

If you are using Wellchoose Administrative Management System versions 0–0, you are affected by this vulnerability. Upgrade to version 0.0.1 or later to mitigate the risk.

How do I fix CVE-2024-10200 in Wellchoose Administrative Management System?

The recommended fix is to upgrade to version 0.0.1 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file access and using a WAF.

Is CVE-2024-10200 being actively exploited?

As of the current date, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and easily exploitable.

Where can I find the official Wellchoose advisory for CVE-2024-10200?

Please refer to the Wellchoose official website or security advisory channels for the latest information and updates regarding CVE-2024-10200.
