CVE-2024-10831

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-36
View all →

Vulnerability Description

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the `file_key` and `doc_file.filename` parameters are user-controllable, enabling the construction of paths outside the intended directory. This can lead to overwriting essential system files, such as SSH keys, for further exploitation.

Related Vulnerabilities

CVE-2024-2362

CRITICAL
CVSS:9.1(Critical)

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can...

CWE-362024

CVE-2024-47883

CRITICAL
CVSS:9.1(Critical)

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resourc...

CWE-362024

CVE-2022-20958

HIGH
CVSS:8.8(High)

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack o...

CWE-362022

CVE-2023-40597

HIGH
CVSS:8.8(High)

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

CWE-362023

CVE-2023-5022

HIGH
CVSS:8.8(High)

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The...

CWE-362023

CVE-2024-21323

HIGH
CVSS:8.8(High)

Microsoft Defender for IoT Remote Code Execution Vulnerability

CWE-362024