CVE-2024-32778 — Path Traversal in Contest Gallery

CWE-22 — Path Traversal CWE-862 — Missing Authorization4 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.4%

top 37.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contest-gallery Contest Gallery Wasiliy Strecker Contestgallery Developer Contest Gallery

Timeline

PublishedJun 9

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5wasiliy_strecker/contestgallery_developer_contest_gallery21.3.4

▶NVDcontest-gallery/contest_gallery< 21.3.5

🔴Vulnerability Details

CVEList

WordPress Contest Gallery plugin <= 21.3.4 - Arbitrary File Deletion vulnerability↗2024-06-09

▶

GHSA

GHSA-hrhv-26jc-hh6q: Missing Authorization vulnerability in Contest Gallery↗2024-06-09

▶

VulnCheck

Contest Gallery Plugin Arbitrary File Deletion↗2024

▶