CVE-2024-35592

Name of the Vulnerable Software and Affected Versions Box-IM version 2.0

Description The issue allows attackers to execute arbitrary code via uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability in the Upload function.

Recommendations For Box-IM version 2.0, consider disabling the Upload function until a patch is available to prevent exploitation. Restrict access to the Upload function to minimize the risk of arbitrary code execution. Avoid using the Upload function with untrusted or unverified PDF files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.