PT-2025-16885 · Wallos · Wallos

Published

2025-04-16

Updated

2025-04-20

CVE-2024-55371

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wallos versions 2.38.2 and earlier

Description The issue allows authenticated users to upload malicious files to the server through the restore backup function by uploading a ZIP file. The contents of the ZIP file are extracted on the server, enabling an attacker to install a web shell and gain the ability to execute arbitrary commands.

Recommendations For Wallos versions 2.38.2 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-73

Related Identifiers

CVE-2024-55371

Affected Products

Wallos

PT-2025-16885 · Wallos · Wallos

CVE-2024-55371

Weakness Enumeration

Related Identifiers

Affected Products

References · 6