History: Jun 24, 2024 - 7:15 a.m.

CVE-2024-24551

2024-06-24 07:15:14
CWE-502
CWE-77
CWE-434
web.nvd.nist.gov
Tags: bludit, vulnerability, code execution, image api, file uploads, php files, security

CVSS4: 8.9 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score: 7.6 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

CNA Affected

[
  {
    "collectionURL": "https://www.bludit.com/",
    "defaultStatus": "unaffected",
    "packageName": "Bludit",
    "platforms": [
      "Linux",
      "Windows",
      "MacOS"
    ],
    "product": "Bludit",
    "programFiles": [
      "bl-kernel/functions.php",
      "bl-plugins/api/plugin.php"
    ],
    "repo": "https://github.com/bludit/bludit/",
    "vendor": "Bludit",
    "versions": [
      {
        "status": "affected",
        "version": "v3.9.0 beta 1"
      }
    ]
  }
]
