CVE-2024-50620

Name of the Vulnerable Software and Affected Versions CIPPlanner CIPAce versions prior to 9.17

Description The software contains flaws related to unrestricted file uploads with dangerous file types in the rich text editor and document management components. A user with authorization can upload executable files through the rich text editor when inserting images and through the document management page when uploading files. If these executables are not stored in a shared directory or if the storage directory has execute permissions, they can be executed.

Recommendations Update to version 9.17 or later.