Vulnerability Details CVE-2024-39171
Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-39171
-
cpe:2.3:a:phpvibe:phpvibe:11.0.3
-
cpe:2.3:a:phpvibe:phpvibe:11.0.4
-
cpe:2.3:a:phpvibe:phpvibe:11.0.42
-
cpe:2.3:a:phpvibe:phpvibe:11.0.43
-
cpe:2.3:a:phpvibe:phpvibe:11.0.45
-
cpe:2.3:a:phpvibe:phpvibe:11.0.46