Количество 3
Количество 3
CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server.
CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged atta ...
GHSA-rmcg-5mh4-47x7
An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the file /account/profile of the component "Name" field value under "Edit Your Profile".
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-51094 An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server. | CVSS3: 8 | 0% Низкий | около 1 года назад |
| CVE-2024-51094 An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged atta ... | CVSS3: 8 | 0% Низкий | около 1 года назад |
| GHSA-rmcg-5mh4-47x7 An issue in Snipe-IT v.7.0.13 build 15514 allows a remote attacker to escalate privileges via the file /account/profile of the component "Name" field value under "Edit Your Profile". | CVSS3: 8 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу