CVE-2024-24551 HIGH

CVE-2024-24551: Bludit - Remote Code Execution (RCE) through Image API

Vendor: Bludit
Product: Bludit
Weakness: CWE-77
Published: June 24, 2024
Last update: August 1, 2024

CVSS base score

8.9/10
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

Key dates

02 Disclosure timeline

June 24, 2024: CVE published
August 1, 2024: Record updated