PT-2024-34914 · Unknown · Novel Design Store Directory

Stealthcopter

Published

2024-11-10

Updated

2025-03-15

CVE-2024-51788

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Novel Design Store Directory versions n/a through 4.3.0

Description The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can lead to malicious activities on the server.

Recommendations For versions n/a through 4.3.0, update to version 4.3.0 or later to protect against this issue. As a temporary workaround, consider restricting file uploads to prevent the upload of dangerous file types until the update is applied.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2024-51788

Affected Products

Novel Design Store Directory

PT-2024-34914 · Unknown · Novel Design Store Directory

CVE-2024-51788

Weakness Enumeration

Related Identifiers

Affected Products

References · 9