CVE-2024-47259

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-434
View all →

Vulnerability Description

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Related Vulnerabilities

CVE-2005-0254

LOW
CVSS:3.7(Low)

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to ...

CWE-4342005

CVE-2022-2872

LOW
CVSS:3.7(Low)

Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.

CWE-4342022

CVE-2018-19420

LOW
CVSS:3.8(Low)

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension (e.g....

CWE-4342018

CVE-2018-19421

LOW
CVSS:3.8(Low)

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/secu...

CWE-4342018

CVE-2022-22450

LOW
CVSS:3.8(Low)

IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916.

CWE-4342022

CVE-2022-4665

LOW
CVSS:3.1(Low)

Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6.

CWE-4342022