Profile Manipulation Vulnerability in Snipe-IT by Snipe-IT

CVE-2024-51094

What is CVE-2024-51094?

A vulnerability in Snipe-IT version 7.0.13 build 15514 allows low-privileged users to alter their profile names and inject harmful payloads into the 'Name' field. This exploited payload can be triggered when an administrator accesses the People Management page and subsequently exports user data to a CSV file. Opening this CSV could lead to the unwanted execution of the injected code, potentially facilitating exfiltration of sensitive internal data to a remote server.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References