CVE-2024-42007

CVE-2024-42007

CVSS 5.8 MEDIUMEPSS 0.6%CWE-22 CWE-548

SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.

CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:N/S:C/UI:N

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/NoiseByNorthwest/php-spx/issues/251 https://www.vicarius.io/vsociety/posts/journey-to-discovery-and-exploitation-of-path-traversal-in-php-spx-cve-2024-42007