VULNRICHMENT:CVE-2024-24550 (NCSC.ch)
History: Jun 24, 2024 - 7:05 a.m.

CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API

2024-06-24 07:05:50
CWE-77
CWE-502
CWE-434
Source: NCSC.ch
Reference: github.com
Tags: bludit, remote code execution, api token, file uploads, arbitrary code execution

CVSS4

8.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score

8

Confidence

Low

SSVC

Exploitation

poc

Automatable

no

Technical Impact

total

A security vulnerability has been identified in Bludit that allows attackers with knowledge of the API token to upload arbitrary files through the File API, which leads to arbitrary code execution on the server. The vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

CNA Affected

[
  {
    "repo": "https://github.com/bludit/bludit/",
    "vendor": "Bludit",
    "product": "Bludit",
    "versions": [
      {
        "status": "affected",
        "version": "3.14.0"
      }
    ],
    "platforms": [
      "Linux",
      "Windows",
      "MacOS"
    ],
    "packageName": "Bludit",
    "programFiles": [
      "bl-plugins/api/plugin.php"
    ],
    "collectionURL": "https://www.bludit.com/",
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:bludit:bludit:3.14.0:*:*:*:*:*:*:*"
    ],
    "vendor": "bludit",
    "product": "bludit",
    "versions": [
      {
        "status": "affected",
        "version": "3.14.0",
        "versionType": "custom",
        "lessThanOrEqual": "3.15.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]
