Cyber Posture

CVE-2024-57784

Medium

Published: 16 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 5.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.1425 (94.4th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.

Security Summary

CVE-2024-57784 is a directory traversal vulnerability (CWE-22) in the /php/script_uploads.php component of Zenitel AlphaWeb XE version 11.2.3.10. Published on 2025-01-16, it has a CVSS v3.1 base score of 5.5 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N), rated as medium severity. The flaw enables attackers to traverse directories, potentially accessing sensitive files outside the intended upload path.

Exploitation requires network access and high privileges (PR:H), such as an authenticated administrative user, with low attack complexity and no user interaction. Successful exploitation has a high confidentiality impact through reading arbitrary files, a limited integrity impact, and no availability impact, making it a targeted risk for privileged insiders or compromised accounts.

A reference advisory is available at https://gist.github.com/s4fv4n/8cc4e4cb6fd028e803898837b73aa342 for details on the vulnerability, including potential mitigation guidance.

Details

CWE(s)
CWE-22
