How severe is CVE-2024-2195?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-2195?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2024-2195

CRITICAL Year: 2024

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-94

View all →

Vulnerability Description

A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise.

CVE-2006-3136

CRITICAL

CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nu...

CWE-942006

CVE-2006-5021

CRITICAL

CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parame...

CWE-942006

CVE-2006-5610

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code...

CWE-942006

CVE-2006-6975

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disp...

CWE-942006

CVE-2006-7105

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclo...

CWE-942006

CVE-2007-4290

CRITICAL

CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, ...

CWE-942007

CVE-2024-2195

Vulnerability Description

Related Vulnerabilities

CVE-2006-3136

CVE-2006-5021

CVE-2006-5610

CVE-2006-6975

CVE-2006-7105

CVE-2007-4290