CVE-2024-34523

piuppi/Proof-of-Concepts

on github

inclusive-design/AChecker

on github

Published

May 7, 2024

Severity

CVSS v3:

N/A

CVSS v2:

N/A

Description

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

https://github.com/inclusive-design/AChecker/blob/main/checker/download.php
https://github.com/piuppi/Proof-of-Concepts/blob/main/AChecker/CVE-2024-34523.md

Configurations

CPE23	Version Start	Version End	Exact Version

External Links

NVD - CVE-2024-34523