CVE-2024-55466

Medium CVSS: 6.5

An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file.

Vendor

Thingsboard

Product

Thingsboard

CWE

CWE-77

Yayın Tarihi

2025-05-12 19:15:48

Güncelleme

2025-07-09 01:38:44

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Thingsboard MEDIUM Thingsboard 2025

Referanslar

https://github.com/cybsecsid/ThingsBoard-IoT-Platform-CVE-2024-55466 https://github.com/thingsboard/thingsboard/releases/tag/v3.8.1

Benzer Kayıtlar

Medium

CVE-2025-34281

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Galle…

Medium

CVE-2025-34282

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload…

Medium

CVE-2025-9094

A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Ha…