Primary

Context

elecV2 elecV2P Path Traversal Vulnerability in Wildcard Handler Log Function

Vulnerability

A path traversal vulnerability has been identified in elecV2 elecV2P versions through 3.8.3. The issue arises in the Wildcard Handler component, specifically within the function that handles log file requests. The vulnerability allows for arbitrary file reading by exploiting the path.join function to escape the intended log directory. This issue can be exploited remotely without authentication, and has been publicly disclosed along with a proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows for path traversal, enabling unauthorized access to the file system. This has been demonstrated by reading the /etc/passwd file.

Reproduction

The vulnerability can be reproduced by sending a GET request to the /log/ endpoint with a URL-encoded payload that includes ../ sequences. This payload escapes the logs directory and accesses arbitrary files on the server.

Added: Mar 28, 2026, 9:19 PM

Updated: Mar 28, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

4.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

4.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

elecV2 elecV2P Path Traversal Vulnerability in Wildcard Handler Log Function

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating