go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

CHANGING Information Technology IDExpert - Arbitrary File Read through Path Traversal

TVN ID TVN-202410024
CVE ID CVE-2024-10651
CVSS 4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products IDExpert from version 2.5 to 2.8
Description IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files.
Solution Update to version 2.8.0.0523 or later.
Credit Lai, Yu-Jen (CHT Security)
Public Date 2024-10-31
Top