CVE-2024-0416: DeShang DSMall MemberAuth.php path traversal
Description
A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250436. Eine kritische Schwachstelle wurde in DeShang DSMall bis 5.0.3 entdeckt. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei application/home/controller/MemberAuth.php. Durch Beeinflussen des Arguments file_name mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2024-0416
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.4
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Problem Types
CWE-24 Path Traversal: '../filedir'Affected Products
Vendor: DeShang
Product: DSMall
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.18% (probability of being exploited)
EPSS Percentile: 40.53% (scored less or equal to compared to others)
EPSS Date: 2025-06-12 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-0416https://vuldb.com/?id.250436
https://vuldb.com/?ctiid.250436
https://note.zhaoj.in/share/DxR7FZsCKJQ1