CVE-2024-24550 HIGH

CVE-2024-24550: Bludit - Remote Code Execution (RCE) through File API

Vendor Bludit
Product Bludit
Weakness CWE-77
Published June 24, 2024
Last update August 1, 2024

CVSS base score

8.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

A security vulnerability has been identified in Bludit that allows attackers with knowledge of the API token to upload arbitrary files through the File API, which leads to arbitrary code execution on the server. The vulnerability arises from improper handling of file uploads, which enables malicious actors to upload and execute PHP files.

Key dates

02 Disclosure timeline

June 24, 2024 CVE published
August 1, 2024 Record updated