PT-2025-5991 · Gleamtech · Gleamtech Filevista

Published: 2025-02-07 · Updated: 2025-02-07 · CVE-2024-57248

CVSS v3.1: 6.3 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Gleamtech FileVista version 9.2.0.0

Description

The issue allows remote attackers to achieve code execution, information disclosure, and escalation of privileges by injecting malicious payloads into HTTP requests to manipulate file paths, bypass access controls, and upload malicious files. This is due to a directory traversal vulnerability during file upload.

Recommendations

For Gleamtech FileVista version 9.2.0.0, consider disabling the file upload feature until a patch is available, to prevent remote attackers from uploading malicious files and achieving code execution, information disclosure, and escalation of privileges. Restrict access to sensitive areas of the system to minimize the risk of exploitation. Avoid using the vulnerable file upload functionality in HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-57248

Affected Products

Gleamtech Filevista