8.8

CVE-2024-50620

EPSS 0.29%
Veröffentlicht 11.02.2026 00:00:00
Zuletzt bearbeitet 20.02.2026 20:18:37
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading files on the document management page. Those executables can be executed if they are not stored in a shared directory or if the storage directory has executed permissions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cipplanner ≫ Cipace Version < 9.17

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.203

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.facebook.com/people/CIPPlanner-Corporation/100082985059905/

Permissions Required

https://cipplanner.com/cve-2024-50620-cve-public-notification-of-resolution/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-50620

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50620

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50620

EUVD