Common Weakness Enumeration

CWE-616

Allowed

Incomplete Identification of Uploaded File Variables (PHP)

Abstraction: Variant · Status: Incomplete

The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size, $varname_name, $varname_type). These variables could be overwritten by attackers, causing the application to process unauthorized files.

9 vulnerabilities reference this CWE, most recent first.

CVE-2026-22789 (GCVE-0-2026-22789)

Vulnerability from cvelistv5 – Published: 2026-01-12 21:52 – Updated: 2026-01-13 19:41
VLAI
Title
WebErpMesv2 has a File Upload Validation Bypass Leading to RCE
Summary
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote Code Execution (RCE). This vulnerability is identical in nature to CVE-2025-52130 but exists in different code locations that were not addressed by the original fix. This vulnerability is fixed in 1.19.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
  • CWE-616 - Incomplete Identification of Uploaded File Variables (PHP)
Assigner
References
Impacted products
Vendor Product Version
SMEWebify WebErpMesv2 Affected: < 1.19
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22789",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T19:41:26.669967Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T19:41:31.721Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/SMEWebify/WebErpMesv2/security/advisories/GHSA-64rv-f829-x6m4"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WebErpMesv2",
          "vendor": "SMEWebify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote Code Execution (RCE). This vulnerability is identical in nature to CVE-2025-52130 but exists in different code locations that were not addressed by the original fix. This vulnerability is fixed in 1.19."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-616",
              "description": "CWE-616: Incomplete Identification of Uploaded File Variables (PHP)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-12T21:52:11.880Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/SMEWebify/WebErpMesv2/security/advisories/GHSA-64rv-f829-x6m4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/SMEWebify/WebErpMesv2/security/advisories/GHSA-64rv-f829-x6m4"
        },
        {
          "name": "https://github.com/SMEWebify/WebErpMesv2/commit/c9e7f4a85aeb774a0ea4b61ad57a51b941166b69",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SMEWebify/WebErpMesv2/commit/c9e7f4a85aeb774a0ea4b61ad57a51b941166b69"
        }
      ],
      "source": {
        "advisory": "GHSA-64rv-f829-x6m4",
        "discovery": "UNKNOWN"
      },
      "title": "WebErpMesv2 has a File Upload Validation Bypass Leading to RCE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22789",
    "datePublished": "2026-01-12T21:52:11.880Z",
    "dateReserved": "2026-01-09T18:27:19.388Z",
    "dateUpdated": "2026-01-13T19:41:31.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-52305 (GCVE-0-2024-52305)

Vulnerability from cvelistv5 – Published: 2024-11-13 15:20 – Updated: 2024-11-13 19:25
VLAI
Title
UnoPim Stored XSS : Cookie hijacking through Create User function
Summary
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-616 - Incomplete Identification of Uploaded File Variables (PHP)
  • CWE-692 - Incomplete Denylist to Cross-Site Scripting
Assigner
References
Impacted products
Vendor Product Version
unopim unopim Affected: < 0.1.5
Create a notification for this product.
unopim unopim Affected: 0 , < 0.1.5 (custom)
    cpe:2.3:a:unopim:unopim:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:unopim:unopim:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unopim",
            "vendor": "unopim",
            "versions": [
              {
                "lessThan": "0.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52305",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T19:23:52.354530Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T19:25:30.116Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "unopim",
          "vendor": "unopim",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.1.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-616",
              "description": "CWE-616: Incomplete Identification of Uploaded File Variables (PHP)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-692",
              "description": "CWE-692: Incomplete Denylist to Cross-Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-13T18:38:42.229Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/unopim/unopim/security/advisories/GHSA-cgr4-c233-h733",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/unopim/unopim/security/advisories/GHSA-cgr4-c233-h733"
        },
        {
          "name": "https://github.com/unopim/unopim/commit/9a0da7a0892c60f58df2351b5a9498dcb4cb8b7a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/unopim/unopim/commit/9a0da7a0892c60f58df2351b5a9498dcb4cb8b7a"
        }
      ],
      "source": {
        "advisory": "GHSA-cgr4-c233-h733",
        "discovery": "UNKNOWN"
      },
      "title": "UnoPim Stored XSS : Cookie hijacking through Create User function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52305",
    "datePublished": "2024-11-13T15:20:20.679Z",
    "dateReserved": "2024-11-06T19:00:26.397Z",
    "dateUpdated": "2024-11-13T19:25:30.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-945M-RW7V-2H8V

Vulnerability from github – Published: 2023-08-03 18:30 – Updated: 2024-07-16 18:31
VLAI
Details

An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434",
      "CWE-616"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-03T16:15:12Z",
    "severity": "HIGH"
  },
  "details": "An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.",
  "id": "GHSA-945m-rw7v-2h8v",
  "modified": "2024-07-16T18:31:41Z",
  "published": "2023-08-03T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38947"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/CTF-hacker/pwn/issues/I7LH2N"
    },
    {
      "type": "WEB",
      "url": "https://github.com/capture0x/WBCE_CMS"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/176018/WBCE-CMS-1.6.1-Shell-Upload.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9WQC-Q367-Q634

Vulnerability from github – Published: 2024-04-26 21:31 – Updated: 2024-08-01 15:31
VLAI
Details

An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31601"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-616"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-26T21:15:49Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component.",
  "id": "GHSA-9wqc-q367-q634",
  "modified": "2024-08-01T15:31:42Z",
  "published": "2024-04-26T21:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31601"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tianqing191/book.io"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CGR4-C233-H733

Vulnerability from github – Published: 2024-11-13 18:37 – Updated: 2024-11-13 18:37
VLAI
Summary
UnoPim Stored XSS : Cookie hijacking through Create User function
Details

Summary

A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies.

Details

  1. Login as admin
  2. Go to Create User
  3. Fill up everything in the registration form then upload SVG image as a profile picture
  4. In SVG image, add script tag to prepare for XSS attack
  5. Complete the Create User process
  6. Right click at the image to obtain image URL address
  7. XSS triggered

PoC

The below link is a private YouTube video for PoC. https://youtu.be/5j8owD0--1A

Impact

The stored XSS can lead to session hijacking and privilege escalation, effectively bypassing any CSRF protections in place.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "unopim/unopim"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-52305"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-616",
      "CWE-692",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-13T18:37:15Z",
    "nvd_published_at": "2024-11-13T16:15:20Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nA vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies.\n\n### Details\n1. Login as admin\n2. Go to Create User\n3. Fill up everything in the registration form then upload SVG image as a profile picture\n4. In SVG image, add script tag to prepare for XSS attack\n5. Complete the Create User process\n6. Right click at the image to obtain image URL address\n7. XSS triggered\n### PoC\nThe below link is a private YouTube video for PoC. \nhttps://youtu.be/5j8owD0--1A\n\n### Impact\nThe stored XSS can lead to session hijacking and privilege escalation, effectively bypassing any CSRF protections in place.\n",
  "id": "GHSA-cgr4-c233-h733",
  "modified": "2024-11-13T18:37:15Z",
  "published": "2024-11-13T18:37:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/unopim/unopim/security/advisories/GHSA-cgr4-c233-h733"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52305"
    },
    {
      "type": "WEB",
      "url": "https://github.com/unopim/unopim/commit/9a0da7a0892c60f58df2351b5a9498dcb4cb8b7a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/unopim/unopim"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "UnoPim Stored XSS : Cookie hijacking through Create User function"
}

GHSA-JGGQ-GVFM-QX6F

Vulnerability from github – Published: 2025-09-25 21:30 – Updated: 2025-09-26 21:30
VLAI
Details

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59402"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-616"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-25T21:15:31Z",
    "severity": "MODERATE"
  },
  "details": "Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls.",
  "id": "GHSA-jggq-gvfm-qx6f",
  "modified": "2025-09-26T21:30:28Z",
  "published": "2025-09-25T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59402"
    },
    {
      "type": "WEB",
      "url": "https://gainsec.com/2025/09/19/root-from-the-coop-device-3-root-shell-on-flock-safetys-bravo-compute-box"
    },
    {
      "type": "WEB",
      "url": "https://gainsec.com/wp-content/uploads/2025/09/Root-from-the-Coop-Device-3_-Root-Shell-on-Flock-Safetys-Bravo-Compute-Box-GainSec.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.flocksafety.com/products"
    },
    {
      "type": "WEB",
      "url": "https://www.flocksafety.com/products/license-plate-readers"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JPMF-R2GF-85WF

Vulnerability from github – Published: 2025-08-26 00:31 – Updated: 2025-08-26 18:31
VLAI
Details

File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52130"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-616"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-25T20:15:40Z",
    "severity": "MODERATE"
  },
  "details": "File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.",
  "id": "GHSA-jpmf-r2gf-85wf",
  "modified": "2025-08-26T18:31:15Z",
  "published": "2025-08-26T00:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52130"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SMEWebify/WebErpMesv2"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@The_Hiker/wrong-variable-name-leads-to-rce-cve-2025-52130-8ff59a7d245c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JPVH-V7H3-V24C

Vulnerability from github – Published: 2026-01-15 15:31 – Updated: 2026-01-15 18:31
VLAI
Details

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-67084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-616"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-15T15:15:51Z",
    "severity": "MODERATE"
  },
  "details": "File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).",
  "id": "GHSA-jpvh-v7h3-v24c",
  "modified": "2026-01-15T18:31:28Z",
  "published": "2026-01-15T15:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67084"
    },
    {
      "type": "WEB",
      "url": "https://github.com/InvoicePlane/InvoicePlane"
    },
    {
      "type": "WEB",
      "url": "https://www.helx.io/blog/advisory-invoice-plane"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PPJV-38XC-PVPX

Vulnerability from github – Published: 2024-03-21 06:33 – Updated: 2024-08-05 21:31
VLAI
Details

In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-29858"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-616"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-21T04:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.",
  "id": "GHSA-ppjv-38xc-pvpx",
  "modified": "2024-08-05T21:31:19Z",
  "published": "2024-03-21T06:33:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29858"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MISP/MISP/commit/6a2986be6aad6b37858b4869e238f517b295c111"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Use PHP 4 or later.

Mitigation
Architecture and Design

If you must support older PHP versions, write your own version of is_uploaded_file() and run it against $HTTP_POST_FILES['userfile']))

Mitigation
Implementation

For later PHP versions, reference uploaded files using the $HTTP_POST_FILES or $_FILES variables, and use is_uploaded_file() or move_uploaded_file() to ensure that you are dealing with an uploaded file.

No CAPEC attack patterns related to this CWE.