How severe is CVE-2024-6937?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 2.7 out of 10.

What type of vulnerability is CVE-2024-6937?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2024-6937

MEDIUM Year: 2024

CVSS v3 Score

2.7

Low

CVSS v2 Score

3.3

Low

Weakness Type

CWE-73

View all →

Vulnerability Description

A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curl_exec of the file /admin/forms/option_lists/edit.php of the component Import Option List. The manipulation of the argument url leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2020-5297

LOW

CVSS:2.7(Low)

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff...

CWE-732020

CVE-2024-10492

LOW

CVSS:2.7(Low)

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high acc...

CWE-732024

CVE-2024-10672

LOW

CVSS:2.7(Low)

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all...

CWE-732024

CVE-2025-1911

LOW

CVSS:2.7(Low)

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page...

CWE-732025

CVE-2025-1972

LOW

CVSS:2.7(Low)

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to,...

CWE-732025

CVE-2021-1306

LOW

CVSS:3.4(Low)

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local at...

CWE-732021

CVE-2024-6937

Vulnerability Description

Related Vulnerabilities

CVE-2020-5297

CVE-2024-10492

CVE-2024-10672

CVE-2025-1911

CVE-2025-1972

CVE-2021-1306