CVE-2024-50620

High CVSS: 8.8

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading files on the document management page. Those executables can be executed if they are not stored in a shared directory or if the storage directory has executed permissions.

Vendor

Cipplanner

Product

Cipace

CWE

CWE-434

Yayın Tarihi

2026-02-11 21:16:17

Güncelleme

2026-02-20 20:18:37

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Cipace HIGH Cipplanner 2026

Referanslar

https://cipplanner.com/cve-2024-50620-cve-public-notification-of-resolution/ https://www.facebook.com/people/CIPPlanner-Corporation/100082985059905/

Benzer Kayıtlar

High

CVE-2024-50619

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to es…

High

CVE-2024-50617

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to…

Medium

CVE-2024-50618

A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 all…