CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CVE-2024-3948 (GCVE-0-2024-3948)
Vulnerability from cvelistv5 – Published: 2024-04-18 11:00 – Updated: 2024-08-08 19:39
VLAI
Title
SourceCodester Home Clean Service System Photo student.add.php unrestricted upload
Summary
A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \admin\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.261440 | vdb-entry |
| https://vuldb.com/?ctiid.261440 | signaturepermissions-required |
| https://vuldb.com/?submit.318722 | third-party-advisory |
| https://github.com/xuanluansec/vul/issues/5 | exploitissue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Home Clean Service System |
Affected:
1.0
|
|
| sourcecodester | home_cleaning_service_system |
Affected:
1.0
cpe:2.3:a:sourcecodester:home_cleaning_service_system:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-261440 | SourceCodester Home Clean Service System Photo student.add.php unrestricted upload",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.261440"
},
{
"name": "VDB-261440 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.261440"
},
{
"name": "Submit #318722 | SourceCodester Home Clean Service System in PHP Free Source Code V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.318722"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/xuanluansec/vul/issues/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:home_cleaning_service_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "home_cleaning_service_system",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3948",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-18T15:35:11.539599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T19:39:32.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Photo Handler"
],
"product": "Home Clean Service System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "fengxiangdi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \\admin\\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in SourceCodester Home Clean Service System 1.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei \\admin\\student.add.php der Komponente Photo Handler. Durch die Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T11:00:05.499Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-261440 | SourceCodester Home Clean Service System Photo student.add.php unrestricted upload",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.261440"
},
{
"name": "VDB-261440 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.261440"
},
{
"name": "Submit #318722 | SourceCodester Home Clean Service System in PHP Free Source Code V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.318722"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/xuanluansec/vul/issues/5"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-18T08:01:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Home Clean Service System Photo student.add.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3948",
"datePublished": "2024-04-18T11:00:05.499Z",
"dateReserved": "2024-04-18T05:56:29.156Z",
"dateUpdated": "2024-08-08T19:39:32.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3962 (GCVE-0-2024-3962)
Vulnerability from cvelistv5 – Published: 2024-04-26 08:29 – Updated: 2026-04-08 16:52
VLAI
Title
Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file
Summary
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires the PPOM Pro plugin to be installed along with a WooCommerce product that contains a file upload field to retrieve the correct nonce.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| themeisle | PPOM – Product Addons & Custom Fields for WooCommerce |
Affected:
0 , ≤ 32.0.18
(semver)
|
|
| themeisle | product_addons_\&_fields_for_woocommerce |
Affected:
0 , ≤ 32.0.18
(custom)
cpe:2.3:a:themeisle:product_addons_\&_fields_for_woocommerce:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:themeisle:product_addons_\\\u0026_fields_for_woocommerce:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "product_addons_\\\u0026_fields_for_woocommerce",
"vendor": "themeisle",
"versions": [
{
"lessThanOrEqual": "32.0.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-30T19:25:51.638572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:34.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://themeisle.com/plugins/ppom-pro/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3075669/woocommerce-product-addon"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PPOM \u2013 Product Addons \u0026 Custom Fields for WooCommerce",
"vendor": "themeisle",
"versions": [
{
"lessThanOrEqual": "32.0.18",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "andrea bocchetti"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Product Addons \u0026 Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible. Successful exploitation requires the PPOM Pro plugin to be installed along with a WooCommerce product that contains a file upload field to retrieve the correct nonce."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:52:06.464Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=cve"
},
{
"url": "https://themeisle.com/plugins/ppom-pro/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3075669/woocommerce-product-addon"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-18T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-04-25T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Product Addons \u0026 Fields for WooCommerce \u003c= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3962",
"datePublished": "2024-04-26T08:29:20.259Z",
"dateReserved": "2024-04-18T18:43:25.717Z",
"dateUpdated": "2026-04-08T16:52:06.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39752 (GCVE-0-2024-39752)
Vulnerability from cvelistv5 – Published: 2025-07-10 14:15 – Updated: 2025-08-18 01:35
VLAI
Title
IBM Analytics Content Hub file upload
Summary
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7234122 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Analytics Content Hub |
Affected:
2.0, 2.1, 2.2, 2.3
cpe:2.3:a:ibm:analytics_content_hub:2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:analytics_content_hub:2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:analytics_content_hub:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:analytics_content_hub:2.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T20:15:56.759223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T20:16:05.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:analytics_content_hub:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:analytics_content_hub:2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:analytics_content_hub:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:analytics_content_hub:2.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Analytics Content Hub",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0, 2.1, 2.2, 2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks."
}
],
"value": "IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:35:39.017Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234122"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Analytics Content Hub 2.0 - 2.3 - Download IBM Cognos Analytics Content Hub 2.4\u003cbr\u003e"
}
],
"value": "IBM Analytics Content Hub 2.0 - 2.3 - Download IBM Cognos Analytics Content Hub 2.4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Analytics Content Hub file upload",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39752",
"datePublished": "2025-07-10T14:15:19.208Z",
"dateReserved": "2024-06-28T09:34:46.058Z",
"dateUpdated": "2025-08-18T01:35:39.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39865 (GCVE-0-2024-39865)
Vulnerability from cvelistv5 – Published: 2024-07-09 12:05 – Updated: 2025-08-27 20:42
VLAI
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SINEMA Remote Connect Server |
Affected:
0 , < V3.2 SP1
(custom)
|
|
| siemens | sinema_remote_connect_server |
Affected:
0 , < 3.2
(custom)
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinema_remote_connect_server",
"vendor": "siemens",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T13:28:45.741199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:56.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:05:19.951Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-39865",
"datePublished": "2024-07-09T12:05:19.951Z",
"dateReserved": "2024-07-01T13:05:40.287Z",
"dateUpdated": "2025-08-27T20:42:56.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4033 (GCVE-0-2024-4033)
Vulnerability from cvelistv5 – Published: 2024-05-02 16:52 – Updated: 2026-04-08 17:28
VLAI
Title
All-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image
Summary
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| plugins360 | All-in-One Video Gallery |
Affected:
0 , ≤ 3.6.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T20:18:38.860009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:48.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0f295f9-1090-4b10-abc5-3f73c5b4e28d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/includes/functions.php#L140"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3078876%40all-in-one-video-gallery%2Ftrunk\u0026old=3072329%40all-in-one-video-gallery%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "All-in-One Video Gallery",
"vendor": "plugins360",
"versions": [
{
"lessThanOrEqual": "3.6.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:28:50.007Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0f295f9-1090-4b10-abc5-3f73c5b4e28d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/includes/functions.php#L140"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3078876%40all-in-one-video-gallery%2Ftrunk\u0026old=3072329%40all-in-one-video-gallery%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-01T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "All-in-One Video Gallery \u003c= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4033",
"datePublished": "2024-05-02T16:52:46.859Z",
"dateReserved": "2024-04-22T17:59:21.795Z",
"dateUpdated": "2026-04-08T17:28:50.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40645 (GCVE-0-2024-40645)
Vulnerability from cvelistv5 – Published: 2024-07-31 18:57 – Updated: 2024-07-31 20:13
VLAI
Title
FOG Authenticated File Upload RCE
Summary
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/FOGProject/fogproject/security… | x_refsource_CONFIRM |
| https://github.com/FOGProject/fogproject/commit/9… | x_refsource_MISC |
| https://github.com/FOGProject/fogproject/blob/a4b… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| FOGProject | fogproject |
Affected:
< 1.5.10.41
|
|
| fogproject | fogproject |
Affected:
0 , < 1.5.10.41
(custom)
cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fogproject",
"vendor": "fogproject",
"versions": [
{
"lessThan": "1.5.10.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40645",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T20:11:58.543306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T20:13:14.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fogproject",
"vendor": "FOGProject",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.10.41"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T18:57:50.347Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-59mq-q8g5-2f4f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-59mq-q8g5-2f4f"
},
{
"name": "https://github.com/FOGProject/fogproject/commit/9469606a18bf8887740cceed6593a2e0380b5e0c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FOGProject/fogproject/commit/9469606a18bf8887740cceed6593a2e0380b5e0c"
},
{
"name": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/lib/pages/fogconfigurationpage.class.php#L2860-L2896",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/lib/pages/fogconfigurationpage.class.php#L2860-L2896"
}
],
"source": {
"advisory": "GHSA-59mq-q8g5-2f4f",
"discovery": "UNKNOWN"
},
"title": "FOG Authenticated File Upload RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-40645",
"datePublished": "2024-07-31T18:57:50.347Z",
"dateReserved": "2024-07-08T16:13:15.512Z",
"dateUpdated": "2024-07-31T20:13:14.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40691 (GCVE-0-2024-40691)
Vulnerability from cvelistv5 – Published: 2024-12-03 16:41 – Updated: 2024-12-03 19:10
VLAI
Title
IBM Cognos Controller file upload
Summary
IBM Cognos Controller 11.0.0 and 11.0.1
could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cognos Controller |
Affected:
11.0.0, 11.0.1
cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T19:10:20.787413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T19:10:40.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_controller:11.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cognos Controller",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.0.0, 11.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Controller 11.0.0 and 11.0.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Cognos Controller 11.0.0 and 11.0.1 \n\ncould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:41:37.813Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177220"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cognos Controller file upload",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40691",
"datePublished": "2024-12-03T16:41:37.813Z",
"dateReserved": "2024-07-08T19:31:03.051Z",
"dateUpdated": "2024-12-03T19:10:40.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40693 (GCVE-0-2024-40693)
Vulnerability from cvelistv5 – Published: 2025-01-24 15:26 – Updated: 2025-02-12 20:01
VLAI
Title
IBM Planning Analytics file upload
Summary
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7168387 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Planning Analytics Local |
Affected:
2.0, 2.1
cpe:2.3:a:ibm:planning_analytics_local:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:planning_analytics_local:2.1.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T15:46:08.217878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:01:19.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:planning_analytics_local:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:planning_analytics_local:2.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Planning Analytics Local",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "2.0, 2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks."
}
],
"value": "IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T15:26:27.144Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168387"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Planning Analytics file upload",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40693",
"datePublished": "2025-01-24T15:26:27.144Z",
"dateReserved": "2024-07-08T19:31:03.052Z",
"dateUpdated": "2025-02-12T20:01:19.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40695 (GCVE-0-2024-40695)
Vulnerability from cvelistv5 – Published: 2024-12-20 13:41 – Updated: 2024-12-20 15:42
VLAI
Title
IBM Cognos Analytics file upload
Summary
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and
12.0.0 through 12.0.4
could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7179496 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cognos Analytics |
Affected:
11.2.0 , ≤ 11.2.4
(semver)
Affected: 12.0.0 , ≤ 12.0.4 (semver) cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T15:41:48.274181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T15:42:12.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:11.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cognos Analytics",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "11.2.4",
"status": "affected",
"version": "11.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.0.0 through 12.0.4\u003c/span\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and \n\n12.0.0 through 12.0.4\n\n\n\ncould be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T13:41:00.327Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7179496"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cognos Analytics file upload",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40695",
"datePublished": "2024-12-20T13:41:00.327Z",
"dateReserved": "2024-07-08T19:31:03.052Z",
"dateUpdated": "2024-12-20T15:42:12.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40744 (GCVE-0-2024-40744)
Vulnerability from cvelistv5 – Published: 2024-12-04 15:01 – Updated: 2024-12-25 04:34
VLAI
Title
Extension - tassos.gr - Unrestricted file upload in Convert Forms component for Joomla < 4.4.8
Summary
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tassos.gr/joomla-extensions/convert-forms | product |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| tassos.gr | Convert Forms component for Joomla |
Affected:
1.0.0-4.4.7
|
|
| tassosgr | convert_forms |
Affected:
1.0.0 , < 4.4.8
(custom)
cpe:2.3:a:tassosgr:convert_forms:*:*:*:*:*:joomla\!:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tassosgr:convert_forms:*:*:*:*:*:joomla\\!:*:*"
],
"defaultStatus": "unknown",
"product": "convert_forms",
"vendor": "tassosgr",
"versions": [
{
"lessThan": "4.4.8",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T17:04:35.515167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T17:27:11.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_osticky",
"product": "Convert Forms component for Joomla",
"vendor": "tassos.gr",
"versions": [
{
"status": "affected",
"version": "1.0.0-4.4.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Horizon Security\u2019s Offensive Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8."
}
],
"value": "Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-25T04:34:33.216Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.tassos.gr/joomla-extensions/convert-forms"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - tassos.gr - Unrestricted file upload in Convert Forms component for Joomla \u003c 4.4.8",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2024-40744",
"datePublished": "2024-12-04T15:01:50.739Z",
"dateReserved": "2024-07-09T16:16:21.863Z",
"dateUpdated": "2024-12-25T04:34:33.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Generate a new, unique filename for an uploaded file instead of using the user-supplied filename, so that no external input is used at all.[REF-422] [REF-423]
Mitigation ID: MIT-21
Phase: Architecture and Design
Strategy: Enforcement by Conversion
Description:
- When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
Mitigation
Phase: Architecture and Design
Description:
- Consider storing the uploaded files outside of the web document root entirely. Then, use other mechanisms to deliver the files dynamically. [REF-423]
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- For example, limiting filenames to alphanumeric characters can help to restrict the introduction of unintended file extensions.
Mitigation
Phase: Architecture and Design
Description:
- Define a very limited set of allowable extensions and only generate filenames that end in these extensions. Consider the possibility of XSS (CWE-79) before allowing .html or .htm file types.
Mitigation
Phase: Implementation
Strategy: Input Validation
Description:
- Ensure that only one extension is used in the filename. Some web servers, including some versions of Apache, may process files based on inner extensions so that "filename.php.gif" is fed to the PHP interpreter.[REF-422] [REF-423]
Mitigation
Phase: Implementation
Description:
- When running on a web server that supports case-insensitive filenames, perform case-insensitive evaluations of the extensions that are provided.
Mitigation ID: MIT-15
Phase: Architecture and Design
Description:
- For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation
Phase: Implementation
Description:
- Do not rely exclusively on sanity checks of file contents to ensure that the file is of the expected type and size. It may be possible for an attacker to hide code in some file segments that will still be executed by the server. For example, GIF images may contain a free-form comments field.
Mitigation
Phase: Implementation
Description:
- Do not rely exclusively on the MIME content type or filename attribute when determining how to render a file. Validating the MIME content type and ensuring that it matches the extension is only a partial solution.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation ID: MIT-22
Phases: Architecture and Design, Operation
Strategy: Sandbox or Jail
Description:
- Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.
- OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.