CVE-2024-8517

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-646
View all →

Vulnerability Description

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.

Related Vulnerabilities

CVE-2024-38432

CRITICAL
CVSS:9.8(Critical)

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File

CWE-6462024

CVE-2025-1889

MEDIUM
CVSS:9.8(Critical)

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pick...

CWE-6462025

CVE-2021-34639

HIGH
CVSS:8.8(High)

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some confi...

CWE-6462021

CVE-2023-45599

HIGH
CVSS:8.8(High)

A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arb...

CWE-6462023

CVE-2024-38432

CRITICAL
CVSS:9.8(Critical)

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File

CWE-6462024

CVE-2025-1889

MEDIUM
CVSS:9.8(Critical)

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pick...

CWE-6462025