CVE-2024-55372

Name of the Vulnerable Software and Affected Versions Wallos versions <=2.38.2

Description The issue concerns a file upload vulnerability in the restore database function. This vulnerability allows unauthenticated users to restore a database by uploading a ZIP file, the contents of which are extracted on the server. This enables an unauthenticated attacker to upload malicious files to the server. Once a web shell is installed, the attacker can execute arbitrary commands.

Recommendations For Wallos versions <=2.38.2, as a temporary workaround, consider disabling the restore database function until a patch is available. Restrict access to the database restoration feature to minimize the risk of exploitation. Avoid using the restore database function with untrusted ZIP files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.