Main Vulnerability Database Exploits ID:11233 - Exploit for Path traversal in Backup & Replication - CVE-2024-48248

ID:11233 - Exploit for Path traversal in Backup & Replication - CVE-2024-48248

Published: March 19, 2025

Vulnerability identifier: #VU105882

Vulnerability risk: High

CVE-ID: CVE-2024-48248

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Backup & Replication

Link to public exploit:

https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences passed via the "getImageByPath" parameter to "/c/router" endpoint. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install updates from vendor's website.

ID:11233 - Exploit for Path traversal in Backup & Replication - CVE-2024-48248

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human