Skip to main content

CVE-2024-28147

HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2024-06-20 551230f0-3615-47bd-b7cc-93e92e730bbf
7.4
CVSS 3.1 · Vendor: 551230f0-3615-47bd-b7cc-93e92e730bbf
Share

Severity by source

Vendor (551230f0-3615-47bd-b7cc-93e92e730bbf) PRIMARY
7.4 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Primary rating from Vendor (551230f0-3615-47bd-b7cc-93e92e730bbf) · only source for this CVE.

CVSS VectorVendor: 551230f0-3615-47bd-b7cc-93e92e730bbf

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 20, 2024 - 11:15 cve.org
HIGH 7.4

DescriptionCVE.org

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It is also possible to upload SVG files that include nested XML entities. Those are parsed when a user visits the direct URL of the collection preview image, which may be utilized for a Denial of Service attack.

This issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19.

AnalysisAI

An authenticated user can upload arbitrary files in the upload function for collection preview images. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It is also possible to upload SVG files that include nested XML entities. Those are parsed when a user visits the direct URL of the collection preview image, which may be utilized for a Denial of Service attack.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

Share

CVE-2024-28147 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy