CVE-2024-29272

Exploit

EPSS 89.26%
Veröffentlicht 22.03.2024 04:15:11
Zuletzt bearbeitet 28.05.2025 19:00:50
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vvveb ≫ Vvvebjs Version < 1.7.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	89.26%	0.995

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/givanz/VvvebJs/commit/c6422cfd4d835c2fa6d512645e30015f24538ef0

Patch

https://github.com/givanz/VvvebJs/issues/343

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-29272

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29272

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29272

EUVD