CVE-2024-57784
Description
An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zenitel AlphaWeb XE v11.2.3.10 has an authenticated directory traversal vulnerability in script_uploads.php, allowing arbitrary file read.
Vulnerability
The vulnerability is a directory traversal in the /php/script_uploads.php component of Zenitel AlphaWeb XE version 11.2.3.10. The application fails to properly sanitize the file parameter when handling the get_file action, allowing an attacker to traverse directories using ../ sequences [1].
Exploitation
Exploitation requires authentication? The official description does not mention prerequisites, but the reference title indicates it is an authenticated vulnerability. An attacker can send a crafted HTTP GET request to http:///php/script_uploads.php?action=get_file&file=../../../../etc/passwd to read arbitrary files [1].
Impact
Successful exploitation leads to information disclosure, as the attacker can read sensitive files on the server, such as /etc/passwd, potentially revealing user credentials or other confidential data [1].
Mitigation
As of the publication date, no patch has been announced. Administrators should consider restricting access to the vulnerable script, implementing input validation, or applying vendor updates when available [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.