CVE-2024-54794

Critical CVSS: 9.1

The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.

Vendor

Product

CWE

Yayın Tarihi

2025-01-21 18:15:14

Güncelleme

2025-10-17 16:15:36

Source Identifier

cve@mitre.org

KEV Date Added

CWE-77 Spagobi CRITICAL Eng 2025

https://github.com/MarioTesoro/CVE-2024-54794 https://github.com/MarioTesoro/vulnerability-research/tree/main/CVE-2024-54794

Medium

CVE-2025-58441

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-si…

Critical

CVE-2025-59954

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote…

Low

CVE-2025-55007

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to s…

Medium

CVE-2024-54792

A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An…

Medium

CVE-2024-54795

SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the works…