CVE-2024-24550

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-24550

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24550.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-24550

Published

2024-06-24T07:15:13.580Z

Modified

2026-04-10T05:09:49.849382Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

References

https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

Affected packages

Git / github.com/bludit/bludit

Affected ranges

Type

GIT

Repo

https://github.com/bludit/bludit

Events

Introduced

29b7d74ead855a36ad270bbfca055e27f3ff7916

Last affected

0a9c21a1e8f515181c6de9aa0500b9ff5a481093

Database specific

{
    "versions": [
        {
            "introduced": "3.14.0"
        },
        {
            "last_affected": "3.15.0"
        }
    ]
}

Affected versions

3.*

3.14.0

3.14.0-test

3.14.1

3.15.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24550.json"