{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0465", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-12T10:36:59.881Z", "datePublished": "2024-01-12T19:00:04.987Z", "dateUpdated": "2025-06-16T18:35:08.234Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-09T19:09:52.919Z"}, "title": "code-projects Employee Profile Management System download.php path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-24", "lang": "en", "description": "CWE-24 Path Traversal: '../filedir'"}]}], "affected": [{"vendor": "code-projects", "product": "Employee Profile Management System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "In code-projects Employee Profile Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei download.php. Dank Manipulation des Arguments download_file mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-01-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-12T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2024-01-12T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-02-02T09:44:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.250570", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.250570", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf", "tags": ["broken-link", "exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:04:49.752Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.250570", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.250570", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf", "tags": ["broken-link", "exploit", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-21T19:41:20.784116Z", "id": "CVE-2024-0465", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T18:35:08.234Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.250570", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.250570", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf", "tags": ["broken-link", "exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:04:49.752Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0465", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-21T19:41:20.784116Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T18:34:50.451Z"}}], "cna": {"title": "code-projects Employee Profile Management System download.php path traversal", "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "code-projects", "product": "Employee Profile Management System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2024-01-12T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-01-12T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2024-01-12T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-02-02T09:44:04.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.250570", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.250570", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "In code-projects Employee Profile Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei download.php. Dank Manipulation des Arguments download_file mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-24", "description": "CWE-24 Path Traversal: '../filedir'"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-09T19:09:52.919Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0465", "state": "PUBLISHED", "dateUpdated": "2025-06-16T18:35:08.234Z", "dateReserved": "2024-01-12T10:36:59.881Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-01-12T19:00:04.987Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:code-projects:employee_profile_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4ECD8318-8E3C-4A62-B9A7-170B570C9A64", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en code-projects Employee Profile Management System 1.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo download.php. La manipulaci\u00f3n del argumento download_file conduce a path traversal: '../filedir'. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-250570 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2024-0465", "lastModified": "2024-11-21T08:46:38.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-12T19:15:12.577", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.250570"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.250570"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.250570"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.250570"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-24"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}