Kurmi Virtual Roadshow: Zoom through Your Zoom Provisioning with Kurmi - Watch On-Demand

Kurmi Software

Unified Communication - Automate & Simplify the management

CVE-2024-54452:

Description

  • An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the display of unintended files. Any file accessible to the Kurmi user account could be displayed, e.g., configuration files with information such as the database password.

Vulnerability Type

  • Directory Traversal