exploitDog

CVE-2024-24550

Опубликовано: 24 июн. 2024

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

Ссылки

https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/
Exploit
Third Party Advisory
https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bludit:bludit:*:*:*:*:*:*:*:*

Версия от 3.14.0 (включая) до 3.15.0 (включая)

EPSS

Процентиль: 35%

0.00144

Низкий

8.1 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-37f5-2pjr-46xw

CVSS3: 8.1

github

больше 1 года назад

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

EPSS

Процентиль: 35%

0.00144

Низкий

8.1 High

CVSS3

Дефекты

CWE-77