CVE-2024-11238
published 2024-11-15CVE-2024-11238: A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file…
PriorityP180medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
5.60%
91.9th percentile
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| landray | ekp | — | — |
| landray | landray_ekp | <= 16.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
url/sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile&directoryPath=../{{faviconPath}}/↗
- →Detect exploitation attempts by monitoring HTTP GET requests to the vulnerable endpoint with a `directoryPath` parameter containing path traversal sequences (e.g., `../`). ↗
- →Identify Landray EKP instances via Shodan using favicon hash 831854882 to scope exposure. ↗
- →A successful exploitation sequence results in a 200 response with content_length == 0 on the delPreviewFile endpoint, followed by a 404 on the previously accessible favicon resource — indicating the file/directory was deleted via path traversal. ↗
- →The attack requires no authentication (PR:N, UI:N) and is remotely exploitable; monitor for unauthenticated requests to `sysUiComponent.do?method=delPreviewFile`. ↗
- ·The Nuclei template uses a multi-step flow: it first fetches /login.jsp to extract a dynamic `faviconPath` value, then verifies the favicon exists (HTTP 200), then triggers the path traversal deletion, and finally confirms deletion via HTTP 404. Detection logic must account for this chained, stateful attack pattern rather than a single request. ↗
- ·The vulnerability affects Landray EKP up to version 16.0; versions beyond this range may not be affected. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
vulncheck6.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2vhg-q6f6-xjf6: A vulnerability, which was classified as critical, was found in Landray EKP up to 16
ghsa_unreviewed·2024-11-15
CVE-2024-11238 [MEDIUM] CWE-22 GHSA-2vhg-q6f6-xjf6: A vulnerability, which was classified as critical, was found in Landray EKP up to 16
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
VulnCheck
landray landray_ekp Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2024·CVSS 6.9
CVE-2024-11238 [MEDIUM] landray landray_ekp Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
landray landray_ekp Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected: landray landray_ekp
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dash
No detection rules found.
Nuclei
Landray EKP - Path Traversal
nuclei·CVSS 6.9
CVE-2024-11238 [MEDIUM] Landray EKP - Path Traversal
Landray EKP - Path Traversal
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Template:
id: CVE-2024-11238
info:
name: Landray EKP - Path Traversal
author: theamanrawat
severity: medium
description: |
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysU
No writeups or analysis indexed.
2024-11-15
Published
Exploited in the wild