PT-2024-35210 · Unknown · Devexhub Gallery

Stealthcopter · Published 2024-11-14 · Updated 2024-11-15 · CVE-2024-52373

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Devexhub Gallery versions n/a through 2.0.1

Description

The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to potential exploitation and unauthorized access.

Recommendations

For Devexhub Gallery versions n/a through 2.0.1, consider restricting file uploads to only allow safe file types until a patch is available. As a temporary workaround, restrict access to the file upload feature to minimize the risk of exploitation. Avoid using the file upload feature in Devexhub Gallery until the issue is resolved.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-52373

Affected Products

Devexhub Gallery