CVE-2024-8941 Information

Description

Path traversal vulnerability in Scriptcase version 9.4.019 in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter) which allows unauthenticated remote users to bypass SecurityManager’s intended restrictions and list and/or read a parent directory via a “/…” or directly into a path used in the POST parameter “field_file” by a web application.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-scriptcase