Arbitrary File Upload Vulnerability in Springboot Manager by By-Yexing
CVE-2024-24059

5.4MEDIUM

Key Information:

Vendor
Aitangbao
Status
Springboot-manager
Vendor
CVE Published:
1 February 2024

Summary

The springboot-manager v1.6 application contains a vulnerability that allows for arbitrary file uploads. This occurs due to insufficient validation of file suffixes during the upload process, potentially enabling attackers to upload malicious files. Organizations using this version of the software should take immediate action to mitigate risks associated with unauthorized file uploads, which could lead to data breaches or system compromise.

References

https://github.com/By-Yexing/Vulnerability_JAVA/blob/main...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-24059 : Arbitrary File Upload Vulnerability in Springboot Manager by By-Yexing | SecurityVulnerability.io