CVE-2024-39717

MEDIUM Year: 2024
CVSS v3 Score
6.6
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.

Related Vulnerabilities

CVE-2021-29699

MEDIUM
CVSS:6.6(Medium)

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. IBM X-Force ID: 200600.

CWE-4342021

CVE-2021-31207

MEDIUM
CVSS:6.6(Medium)

Microsoft Exchange Server Security Feature Bypass Vulnerability

CWE-4342021

CVE-2022-0263

MEDIUM
CVSS:6.6(Medium)

Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.

CWE-4342022

CVE-2023-3800

MEDIUM
CVSS:6.6(Medium)

A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html of the componen...

CWE-4342023

CVE-2024-49676

MEDIUM
CVSS:6.6(Medium)

Unrestricted Upload of File with Dangerous Type vulnerability in Michael Bourne Custom Icons for Elementor allows Upload a Web Shell to a Web Server.This issue affects Custom Icons for Elementor: from...

CWE-4342024

CVE-2024-53811

MEDIUM
CVSS:6.6(Medium)

Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server.This issue affects WDesignkit: from n/a through 1.0.40.

CWE-4342024