← volver
CVE-2026-5014

elecV2 elecV2P Wildcard log path.join path traversal

CVSS 6.9 MEDIUMEPSS 0.4%CWE-22
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Productos afectados
elecV2 · elecV2P
PoCs públicas encontradas1
cve_referencegithub.com/elecV2/elecV2P/issues/200no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/elecV2/elecV2P/https://github.com/elecV2/elecV2P/issues/200https://vuldb.com/submit/779178https://vuldb.com/vuln/353899https://vuldb.com/vuln/353899/cti