History: Jun 24, 2024 - 7:08 a.m.

CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API

2024-06-24 07:08:22
CWE-434
CWE-77
CWE-502
NCSC.ch
www.cve.org
bludit
image api
rce
vulnerability
file uploads
php files
security

CVSS4: 8.9 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

EPSS: 0.0004 Low
Percentile: 9.1%

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

CNA Affected

[
  {
    "collectionURL": "https://www.bludit.com/",
    "defaultStatus": "unaffected",
    "packageName": "Bludit",
    "platforms": [
      "Linux",
      "Windows",
      "MacOS"
    ],
    "product": "Bludit",
    "programFiles": [
      "bl-kernel/functions.php",
      "bl-plugins/api/plugin.php"
    ],
    "repo": "https://github.com/bludit/bludit/",
    "vendor": "Bludit",
    "versions": [
      {
        "status": "affected",
        "version": "v3.9.0 beta 1"
      }
    ]
  }
]
