CVE-2024-55371

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-55371

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55371.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-55371

Published

2025-04-16T21:15:45Z

Modified

2025-06-04T03:57:47.244248Z

Summary

[none]

Details

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker (being an administrator is not required) to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.

References

https://www.datafarm.co.th/blog/CVE-2024-55371-and-CVE-2024-55372-Malicious-File-Upload-to-RCE-in-Wallos-Application

Affected packages

Git / github.com/ellite/wallos

Affected ranges

Type: GIT
Repo: https://github.com/ellite/wallos
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

89f29c2fa2494476217bdca980595bec86f09da9

Affected versions

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.10.0

v1.11.0

v1.11.1

v1.11.2

v1.11.3

v1.12.0

v1.12.1

v1.13.0

v1.14.0

v1.14.1

v1.15.0

v1.15.1

v1.15.2

v1.15.3

v1.16.0

v1.16.1

v1.16.2

v1.16.3

v1.17.0

v1.17.1

v1.17.2

v1.17.3

v1.18.0

v1.18.1

v1.18.2

v1.18.3

v1.19.0

v1.2.0

v1.20.0

v1.20.1

v1.20.2

v1.21.0

v1.21.1

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.25.1

v1.26.0

v1.26.1

v1.26.2

v1.27.0

v1.27.1

v1.27.2

v1.28.0

v1.29.0

v1.29.1

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.9.0

v1.9.1

v2.*

v2.0.0

v2.1.0

v2.10.0

v2.11.0

v2.11.1

v2.11.2

v2.12.0

v2.13.0

v2.14.0

v2.14.1

v2.14.2

v2.15.0

v2.16.0

v2.16.1

v2.17.0

v2.18.0

v2.19.0

v2.19.1

v2.19.2

v2.19.3

v2.2.0

v2.20.0

v2.20.1

v2.21.0

v2.21.1

v2.21.2

v2.21.3

v2.22.0

v2.22.1

v2.23.0

v2.23.1

v2.23.2

v2.24.0

v2.24.1

v2.25.0

v2.26.0

v2.27.0

v2.27.1

v2.27.2

v2.27.3

v2.28.0

v2.29.0

v2.29.1

v2.29.2

v2.3.0

v2.30.0

v2.30.1

v2.31.0

v2.31.1

v2.32.0

v2.33.0

v2.33.1

v2.34.0

v2.35.0

v2.36.0

v2.36.1

v2.36.2

v2.37.0

v2.37.1

v2.38.0

v2.38.1

v2.38.2

v2.4.0

v2.4.1

v2.4.2

v2.5.0

v2.5.1

v2.5.2

v2.6.0

v2.6.1

v2.7.0

v2.8.0

v2.9.0