PT-2024-34304 · Unknown · Stacks Mobile App Builder

Stealthcopter · Published 2024-11-04 · Updated 2024-11-06 · CVE-2024-50527

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Stacks Mobile App Builder versions n/a through 5.2.3
Description: The issue allows the unrestricted upload of files with dangerous types, enabling attackers to upload malicious web shells to servers. This can lead to significant security risks. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.
Recommendations: For versions n/a through 5.2.3, consider disabling the file upload feature until a patch is available. Restrict access to the web server to minimize the risk of exploitation. Avoid using the vulnerable file upload functionality in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2024-50527

Affected Products: Stacks Mobile App Builder