What the vulnerability does
01 Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetGridBuilder allows PHP Local File Inclusion. This issue affects JetGridBuilder: from n/a through 1.1.2.
Explanation of Vulnerability in Simple Terms
02 Summary
JetGridBuilder versions up to 1.1.2 contain a path traversal vulnerability that allows authenticated users with low privileges to read, modify, or delete arbitrary files on the server. The vulnerability requires network access and high attack complexity, but can affect the entire system if exploited. Update to version 1.1.3 or later to remediate.
What an attacker can do
03 Attacker Capabilities
Read, modify, or delete arbitrary files on the server outside the intended directory.
Potential impact on your site
04 Site Impact
An authenticated user could access sensitive files, corrupt site data, or disable the site entirely.
Conditions required to exploit
05 Prerequisites
Attacker must be authenticated with low-level user privileges; no user interaction required.
Key dates
06 Disclosure timeline
August 19, 2024
CVE published
April 28, 2026
Record updated