cbcvebase.
CVE-2024-32399
published 2024-04-22


Priority: P3 (50), high
CVSS 3.1: 7.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L)
Flags: EXPLOIT
EPSS: 3.16% (86.4th percentile)
Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.

Detection & IOCs (extracted from sources)

URL: /webeditor/../../../windows/win.ini
Path: /webeditor/
  • Look for directory traversal sequences (e.g., '../../../') in HTTP GET requests targeting the /webeditor/ path on RaidenMAILD servers.
  • Shodan query 'html:"RaidenMAILD"' can be used to identify exposed RaidenMAILD instances potentially vulnerable to this CVE.
  • The traversal payload targets Windows systems specifically (win.ini). The vulnerability may behave differently or require a different payload on non-Windows deployments.
  • Exploitation requires an authenticated low-privileged user with user interaction (PR:L, UI:R per CVSS), meaning unauthenticated scanning may not trigger the vulnerability.
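The first detection bullet above, as an added example that is not part of the CVE record or any cited source: a small Python log scanner that flags requests to the /webeditor/ path whose normalized path contains a `..` segment. The access-log lines are constructed for the example (Common Log Format, RFC 5737 test addresses) and the field names are this example's own. Beyond the literal `../../../` string from the IOC, it also normalizes percent-encoded, double-encoded and backslash-separated forms, since a Windows target accepts `..\` as a separator and a naive substring match on `../` would miss those variants.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not taken from the
# page's sources. Four of the six lines are traversal attempts against /webeditor/,
# one is a traversal outside that path, one is a benign /webeditor/ request.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Apr/2024:10:01:02 +0000] "GET /webeditor/index.html HTTP/1.1" 200 1532
203.0.113.5 - - [22/Apr/2024:10:01:09 +0000] "GET /webeditor/../../../windows/win.ini HTTP/1.1" 200 403
203.0.113.9 - - [22/Apr/2024:10:02:15 +0000] "GET /webeditor/%2e%2e/%2e%2e/%2e%2e/windows/win.ini HTTP/1.1" 200 403
203.0.113.9 - - [22/Apr/2024:10:02:20 +0000] "GET /webeditor/..%5c..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 403
198.51.100.7 - - [22/Apr/2024:10:03:00 +0000] "GET /images/../logo.png HTTP/1.1" 200 881
198.51.100.7 - - [22/Apr/2024:10:03:30 +0000] "GET /webeditor/%252e%252e/%252e%252e/boot.ini HTTP/1.1" 200 120
"""

# Common Log Format: ip ident user [timestamp] "METHOD PATH PROTO" status size
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def normalize_path(raw_path: str, max_rounds: int = 3) -> str:
    """Drop the query string, percent-decode repeatedly (so %252e%252e, a
    double-encoded '..', is unwrapped), and fold backslashes to slashes so the
    Windows-style '..\\' separator is seen as '../'."""
    path = raw_path.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(raw_path: str) -> bool:
    """True if any segment of the normalized path is exactly '..'."""
    return ".." in normalize_path(raw_path).split("/")


def targets_webeditor(raw_path: str) -> bool:
    """True if the request is aimed at the /webeditor/ component (case-insensitive,
    as Windows file systems are)."""
    return normalize_path(raw_path).lower().startswith("/webeditor/")


def find_traversal_hits(log_text: str) -> list[dict]:
    """Return one record per log line that targets /webeditor/ with a traversal."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # not a parseable CLF line; skip rather than crash
        raw = m.group("path")
        if targets_webeditor(raw) and has_traversal(raw):
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "method": m.group("method"),
                "status": m.group("status"),
                "raw_path": raw,
                "normalized": normalize_path(raw),
            })
    return hits


if __name__ == "__main__":
    for h in find_traversal_hits(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["status"]} '
              f'{h["raw_path"]} -> {h["normalized"]}')
```

The scanner reports four hits and ignores `/images/../logo.png`, which has a traversal but is outside the `/webeditor/` component named in the IOC. The status code is carried along because a 200 on a normalized path that escapes the web root (the `windows/win.ini` case) is the strongest sign that the traversal succeeded, whereas a 403 or 404 suggests the server rejected it. The record does not restrict on method: the IOC names GET, but a `..` segment under `/webeditor/` is worth a look whatever the verb.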