PT-2024-32988 · Operately · Operately
Suphawith Phusanbai · Published 2024-10-30 · Updated 2024-11-01 · CVE-2024-48093
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Operately version 0.1.0
Description
The issue allows a privileged user to achieve Remote Code Execution by uploading and executing malicious files in the Discussions tab, because uploads are accepted without validation of file extensions or content types.
Recommendations
For Operately version 0.1.0, consider validating file extensions and content types before allowing uploads to prevent malicious file execution. As a temporary workaround, restrict access to the Discussions tab to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Affected Products
Operately