File Upload Vulnerability in QbiBot Allows Remote Attackers to Upload Malicious Files
CVE-2024-3778

7.2HIGH

Key Information:

Vendor: Ai3
Status: Qbibot
Vendor: CVE Published:; 15 April 2024

What is CVE-2024-3778?

The file upload feature of Ai3 QbiBot is susceptible to exploitation due to insufficient restrictions on file types. This weakness permits remote attackers, who hold administrative access, to upload files that could execute harmful code within the system. Such vulnerabilities may lead to unauthorized control and compromise, making it essential for users to apply best practices in file validation and management.

Affected Version(s)

QbiBot earlier <= 8.0.4

References

https://www.twcert.org.tw/tw/cp-132-7732-9a54e-1.html

third-party-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Apr 15, 2024