CVE-2024-48760

Critical CVSS: 9.8

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.

Vendor

Gestioip

Product

Gestioip

CWE

CWE-434

Yayın Tarihi

2025-01-14 22:15:26

Güncelleme

2025-06-06 15:40:58

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Gestioip CRITICAL Gestioip 2025

Referanslar

http://www.gestioip.net/index.html https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760 https://github.com/muebel/gestioip-docker-compose

Benzer Kayıtlar

Medium

CVE-2024-50857

The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and en…

High

CVE-2024-50858

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actio…

Medium

CVE-2024-50859

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly forma…

Medium

CVE-2024-50861

The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious cod…