How severe is CVE-2024-55372?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-55372?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2024-55372 - CRITICAL Severity | CVSS 9.8

Q: What is CVE-2024-55372?

Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.

Vulnerability Description

Wallos <=2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.

Related Vulnerabilities

CVE-2014-125044

CRITICAL

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. I...

CWE-732014

CVE-2014-125059

CRITICAL

CVSS:9.8(Critical)

A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post...

CWE-732014

CVE-2018-17246

CRITICAL

CVSS:9.8(Critical)

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to exec...

CWE-732018

CVE-2019-3681

CRITICAL

CVSS:9.8(Critical)

A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Soft...

CWE-732019

CVE-2020-9752

CRITICAL

CVSS:9.8(Critical)

Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.

CWE-732020

CVE-2021-38477

CRITICAL

CVSS:9.8(Critical)

There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.

CWE-732021