CVE-2024-55371

Critical CVSS: 9.8

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker (being an administrator is not required) to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.

Vendor

Wallosapp

Product

Wallos

CWE

CWE-73

Yayın Tarihi

2025-04-16 21:15:45

Güncelleme

2025-06-03 15:00:13

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-73 Wallos CRITICAL Wallosapp 2025

Referanslar

https://www.datafarm.co.th/blog/CVE-2024-55371-and-CVE-2024-55372-Malicious-File-Upload-to-RCE-in-Wallos-Application

Benzer Kayıtlar

Medium

CVE-2026-33417

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in…

High

CVE-2026-33399

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in v…

Medium

CVE-2026-33400

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scrip…

High

CVE-2026-33401

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in c…

High

CVE-2026-33407

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/se…

Medium

CVE-2026-30839

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.…