CVE-2024-0354 MEDIUM

CVE-2024-0354: unknown-o download-station index.php path traversal

Vendor Unknown-O
Product download-station
Weakness CWE-24
Published January 9, 2024
Last update May 14, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability.

Key dates

02Disclosure timeline

January 9, 2024 CVE published
May 14, 2025 Record updated