cbcvebase.
CVE-2024-24320
published 2024-06-14

CVE-2024-24320: Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute…

PriorityP354high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
4.02%
89.3th percentile
Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.

Affected

22 ranges
VendorProductVersion rangeFixed in
f5big-ip_aam
f5big-ip_advanced_waf
f5big-ip_afm
f5big-ip_analytics
f5big-ip_apm
f5big-ip_asm
f5big-ip_automation_toolchain
f5big-ip_avr
f5big-ip_cgnat
f5big-ip_container_ingress_services
f5big-ip_dhd
f5big-ip_dns
f5big-ip_edge_gateway
f5big-ip_fps
f5big-ip_gtm
f5big-ip_link_controller
f5big-ip_ltm
f5big-ip_pem
f5big-ip_sslo
f5big-ip_webaccelerator
f5big-ip_websafe
mgt-commercecloudpanel2.0.0 – 2.4.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.