History: Jun 24, 2024 - 7:05 a.m.

CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API

CWE: CWE-434, CWE-77, CWE-502
Source: NCSC.ch (www.cve.org)
Tags: bludit, remote code execution, file api, php, security vulnerability, improper handling

CVSS4: 8.9 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
EPSS: 0.0004 Low (Percentile: 9.1%)

A security vulnerability has been identified in Bludit that allows attackers with knowledge of the API token to upload arbitrary files through the File API, which leads to arbitrary code execution on the server. The vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

CNA Affected

[
  {
    "collectionURL": "https://www.bludit.com/",
    "defaultStatus": "unaffected",
    "packageName": "Bludit",
    "platforms": [
      "Linux",
      "Windows",
      "MacOS"
    ],
    "product": "Bludit",
    "programFiles": [
      "bl-plugins/api/plugin.php"
    ],
    "repo": "https://github.com/bludit/bludit/",
    "vendor": "Bludit",
    "versions": [
      {
        "status": "affected",
        "version": "3.14.0"
      }
    ]
  }
]
