Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component.
References
Configurations
History
17 Jun 2025, 21:00
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Derbynet
Derbynet derbynet |
|
| References | () https://chocapikk.com/posts/2024/derbynet-vulnerabilities/ - Exploit | |
| References | () https://github.com/jeffpiazza/derbynet/blob/1ae0bb55c3990dec8fd9b9f4a82400be9a75de92/website/kiosk.php - Product | |
| CPE | cpe:2.3:a:derbynet:derbynet:9.0:*:*:*:*:*:*:* |
21 Nov 2024, 09:13
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://chocapikk.com/posts/2024/derbynet-vulnerabilities/ - | |
| References | () https://github.com/jeffpiazza/derbynet/blob/1ae0bb55c3990dec8fd9b9f4a82400be9a75de92/website/kiosk.php - |
03 Jul 2024, 01:55
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CWE | CWE-22 |
12 Apr 2024, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-12 13:15
Updated : 2025-06-17 21:00
NVD link : CVE-2024-31818
Mitre link : CVE-2024-31818
CVE.ORG link : CVE-2024-31818
JSON object : View
Products Affected
derbynet
- derbynet
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')