How severe is CVE-2024-31462?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-31462?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-31462

MEDIUM Year: 2024

CVSS v3 Score

6.3

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access.

CVE-2016-7169

MEDIUM

CVSS:6.3(Medium)

Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenti...

CWE-222016

CVE-2017-9640

MEDIUM

CVSS:6.3(Medium)

A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC W...

CWE-222017

CVE-2020-10014

MEDIUM

CVSS:6.3(Medium)

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its san...

CWE-222020

CVE-2022-46902

MEDIUM

CVSS:6.3(Medium)

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows ...

CWE-222022

CVE-2023-42961

MEDIUM

CVSS:6.3(Medium)

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandbox...

CWE-222023

CVE-2024-23793

MEDIUM

CVSS:6.3(Medium)

The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to dire...

CWE-222024

CVE-2024-31462

Vulnerability Description

Related Vulnerabilities

CVE-2016-7169

CVE-2017-9640

CVE-2020-10014

CVE-2022-46902

CVE-2023-42961

CVE-2024-23793