Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-10708

CWE-22 — Path Traversal4 documents4 sources

Severity

4.9MEDIUM

EPSS

5.7%

top 9.57%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Unknown System Dashboard Bowo System Dashboard

Timeline

PublishedDec 10

Description

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDbowo/system_dashboard< 2.8.15

▶CVEListV5unknown/system_dashboard< 2.8.15

🔴Vulnerability Details

CVEList

System Dashboard < 2.8.15 - Admin+ Path Traversal↗2024-12-10

▶

GHSA

GHSA-j3vp-3p2j-8q53: The System Dashboard WordPress plugin before 2↗2024-12-10

▶

💥Exploits & PoCs

Nuclei

System Dashboard < 2.8.15 - Admin+ Path Traversal

▶