{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-0465","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-01-12T10:36:59.881Z","datePublished":"2024-01-12T19:00:04.987Z","dateUpdated":"2025-06-16T18:35:08.234Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-02-09T19:09:52.919Z"},"title":"code-projects Employee Profile Management System download.php path traversal","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-24","lang":"en","description":"CWE-24 Path Traversal: '../filedir'"}]}],"affected":[{"vendor":"code-projects","product":"Employee Profile Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability."},{"lang":"de","value":"In code-projects Employee Profile Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Datei download.php. Dank Manipulation des Arguments download_file mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":2.7,"vectorString":"AV:A/AC:L/Au:S/C:P/I:N/A:N"}}],"timeline":[{"time":"2024-01-12T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-01-12T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2024-01-12T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-02-02T09:44:04.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.250570","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.250570","tags":["signature","permissions-required"]},{"url":"https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf","tags":["broken-link","exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:04:49.752Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.250570","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.250570","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf","tags":["broken-link","exploit","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-02-21T19:41:20.784116Z","id":"CVE-2024-0465","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-16T18:35:08.234Z"}}]}}