CVE-2024-55371

Exploit

EPSS 0.21%
Veröffentlicht 16.04.2025 00:00:00
Zuletzt bearbeitet 03.06.2025 15:00:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker (being an administrator is not required) to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wallosapp ≫ Wallos Version <= 2.38.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.438

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://www.datafarm.co.th/blog/CVE-2024-55371-and-CVE-2024-55372-Malicious-File-Upload-to-RCE-in-Wallos-Application

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-55371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-55371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-55371

EUVD