CVE-2024-31411

MEDIUM Year: 2024
CVSS v3 Score
6.0
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Related Vulnerabilities

CVE-2018-4921

MEDIUM
CVSS:6.1(Medium)

Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.

CWE-4342018

CVE-2020-26583

MEDIUM
CVSS:6.1(Medium)

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, a...

CWE-4342020

CVE-2023-34833

MEDIUM
CVSS:6.1(Medium)

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file.

CWE-4342023

CVE-2023-41564

MEDIUM
CVSS:6.1(Medium)

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.

CWE-4342023

CVE-2023-4220

MEDIUM
CVSS:6.1(Medium)

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-...

CWE-4342023

CVE-2024-1932

MEDIUM
CVSS:6.1(Medium)

Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout

CWE-4342024