Enterprise Cloud Database
CVE-2024-9985
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.
AnalysisAI
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. Affected products include: Ragic Enterprise Cloud Database.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
More in Enterprise Cloud Database
View allEnterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated re
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remo
Unrestricted file upload in Ragic Enterprise Cloud Database exposes all versions to unauthenticated remote exploitation,
Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. Rated medium
Stored XSS in Ragic Enterprise Cloud Database permits unauthenticated remote attackers to inject persistent JavaScript i
Share
External POC / Exploit Code
Leaving vuln.today