Remote Code Execution and Privilege Escalation Vulnerability in GNU Savane
CVE-2024-29399
Currently unrated
Key Information:
- Vendor
- GNU Savane
- Vendor
- CVE Published:
- 11 April 2024
Badges
πΎ Exploit Exists
Summary
A vulnerability exists in GNU Savane versions 3.13 and earlier that allows remote attackers to execute arbitrary code. This is achieved through the upload.php component, where crafted files can be uploaded, leading to potential privilege escalation. The flaw highlights the importance of securing file upload functionalities to prevent unauthorized access and control.
References
Timeline
Vulnerability published
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability Reserved