CVE-2024-52306

EPSS 3.71%
Veröffentlicht 13.11.2024 16:15:20
Zuletzt bearbeitet 19.11.2024 15:02:45
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Backpackforlaravel ≫ Filemanager Version < 2.0.2

Backpackforlaravel ≫ Filemanager Version >= 3.0.0 < 3.0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.71%	0.876

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	7.6	1	6	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b

Patch

https://github.com/Laravel-Backpack/FileManager/security/advisories/GHSA-8237-957h-h2c2

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-52306

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-52306

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-52306

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-52306