CVE-2024-44373

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-44373

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44373.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-44373

Published

2025-08-19T19:15:33.497Z

Modified

2025-12-05T12:31:57.378874Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php.

References

Affected packages

Git / github.com/allskyteam/allsky

Affected ranges

Type: GIT
Repo: https://github.com/allskyteam/allsky
Events: Introduced

1aa38317274600a0cabf2c3c3d1ca1b9a42d099e

Last affected

171b15cac1eb5ec972fea85e596ab8e2b74e2ba1

Affected versions

v2023.*

v2023.05.01

v2023.05.01_01

v2023.05.01_02

v2023.05.01_03

v2023.05.01_04

v2023.05.01_05

v2024.*

v2024.12.06

v2024.12.06_01

v2024.12.06_02

v2024.12.06_03

v2024.12.06_04

v2024.12.06_05

v2024.12.06_06

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44373.json"