CVE-2024-28269

2024-04-3019:15:23

[email protected]

web.nvd.nist.gov

recrystallize server

file upload

remote code execution

cve-2024-28269

administrator

malicious files

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON

ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the ability to upload of malicious files. This could result in a Remote Code Execution.

References

sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/

www.recrystallize.com/merchant/ReCrystallize-Server-for-Crysta