History: Jun 24, 2024 - 7:15 a.m.

CVE-2024-24550

2024-06-24 07:15:13
CWE-502
CWE-77
CWE-434
web.nvd.nist.gov
bludit
security vulnerability
arbitrary file upload
code execution
api token

CVSS4: 8.9 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score: 7.7 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API, which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

CNA Affected

[
  {
    "collectionURL": "https://www.bludit.com/",
    "defaultStatus": "unaffected",
    "packageName": "Bludit",
    "platforms": [
      "Linux",
      "Windows",
      "MacOS"
    ],
    "product": "Bludit",
    "programFiles": [
      "bl-plugins/api/plugin.php"
    ],
    "repo": "https://github.com/bludit/bludit/",
    "vendor": "Bludit",
    "versions": [
      {
        "status": "affected",
        "version": "3.14.0"
      }
    ]
  }
]
