How severe is CVE-2024-47821?

This vulnerability has a severity rating of LOW with a CVSS score of 2.3 out of 10.

What type of vulnerability is CVE-2024-47821?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2024-47821 - LOW Severity | CVSS 2.3

Vulnerability Description

pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. Version 0.5.0b3.dev87 fixes this issue.

Related Vulnerabilities

CVE-2019-3595

LOW

CVSS:2.0(Low)

Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to exec...

CWE-782019

CVE-2025-27398

LOW

CVSS:2.7(Low)

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log...

CWE-782025

CVE-2021-32556

LOW

CVSS:3.3(Low)

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.

CWE-782021

CVE-2022-0841

LOW

CVSS:3.8(Low)

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.

CWE-782022

CVE-2024-12970

LOW

CVSS:3.9(Low)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.This issue affects Pardus O...

CWE-782024

CVE-2024-31843

MEDIUM

CVSS:4.1(Medium)

An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users...

CWE-782024