PT-2024-33495 · Plenti

Kevin Stubbings, +1

Published: 2024-10-25 · Updated: 2024-11-14

CVE-2024-49381

CVSS v4.0: 8.9 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Name of the Vulnerable Software and Affected Versions: Plenti versions prior to 0.7.2

Description: The issue is an arbitrary file deletion vulnerability. The /postLocal endpoint is vulnerable to arbitrary file deletion when a Plenti user serves their website. This problem may lead to information loss.

Recommendations: For versions prior to 0.7.2, update to version 0.7.2 to fix the vulnerability. As a temporary workaround, consider restricting access to the /postLocal endpoint until the issue is resolved.
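The weakness class listed for this advisory is path traversal on a file-handling endpoint. As an added example, not Plenti's own code and not the change shipped in 0.7.2, the Go functions below show the containment check a content endpoint should run before deleting anything on behalf of a request: the names resolveUnderRoot and removeUnderRoot, the content root directory and the sample file are all assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a requested path would leave the content root.
var ErrOutsideRoot = errors.New("path escapes content root")

// resolveUnderRoot maps a client-supplied, slash-separated path onto the
// directory the server is allowed to modify. Absolute paths, Windows volume
// names, the empty path and any ".." sequence that climbs above root are
// rejected. Hypothetical helper, not Plenti's own code.
func resolveUnderRoot(root, requested string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	cleaned := filepath.Clean(filepath.FromSlash(requested))
	if filepath.IsAbs(cleaned) || filepath.VolumeName(cleaned) != "" {
		return "", ErrOutsideRoot
	}
	candidate := filepath.Join(absRoot, cleaned)
	// Rel is the authoritative check: after Clean and Join, a path that still
	// starts with ".." (or resolves to root itself) must not be touched.
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil {
		return "", err
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return candidate, nil
}

// removeUnderRoot deletes a single regular file below root. It refuses
// directories and symlinks, so a link planted inside root cannot redirect
// the delete to a file elsewhere on disk.
func removeUnderRoot(root, requested string) error {
	target, err := resolveUnderRoot(root, requested)
	if err != nil {
		return err
	}
	info, err := os.Lstat(target) // Lstat: do not follow symlinks
	if err != nil {
		return err
	}
	if !info.Mode().IsRegular() {
		return fmt.Errorf("refusing to remove %q: not a regular file", requested)
	}
	return os.Remove(target)
}

func main() {
	root, err := os.MkdirTemp("", "content-root-*")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	// Constructed sample content file standing in for a site's JSON source.
	if err := os.WriteFile(filepath.Join(root, "post.json"), []byte(`{"title":"hello"}`), 0o644); err != nil {
		panic(err)
	}
	for _, req := range []string{"post.json", "../../../etc/passwd", "/etc/passwd", ""} {
		fmt.Printf("%-22q -> %v\n", req, removeUnderRoot(root, req))
	}
}
```

Only the first request succeeds; the traversal, absolute and empty paths are all refused before any filesystem call is made, and the Lstat check keeps a symlink inside the root from redirecting the deletion.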

Weakness Enumeration

Special Elements Injection
Path traversal

Related Identifiers

CVE-2024-49381
GHSA-6H8W-HRFP-PFFX
GO-2024-3214
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14447-1
OPENSUSE-SU-2024_3911-1
SUSE-SU-2024:3911-1

Affected Products

Plenti
Suse