How severe is CVE-2024-47169?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-47169?

This is classified as CWE-35, which is a common weakness in software security.

CVE-2024-47169 - HIGH Severity | CVSS 8.8

Vulnerability Description

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability.

Related Vulnerabilities

CVE-2023-46690

HIGH

CVSS:8.8(High)

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.

CWE-352023

CVE-2023-5800

HIGH

CVSS:8.8(High)

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw c...

CWE-352023

CVE-2024-0113

HIGH

CVSS:8.8(High)

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this...

CWE-352024

CVE-2024-1886

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage.

CWE-352024

CVE-2024-51582

HIGH

CVSS:8.8(High)

Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through 2.1.4.

CWE-352024

CVE-2025-22786

HIGH

CVSS:8.8(High)

Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6.

CWE-352025