How severe is CVE-2024-54449?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-54449?

This is classified as CWE-23, which is a common weakness in software security.

CVE-2024-54449 - HIGH Severity | CVSS N/A

Vulnerability Description

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘write’ privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.

Related Vulnerabilities

CVE-2023-2356

CRITICAL

CVSS:10.0(Critical)

Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.

CWE-232023

CVE-2023-3941

CRITICAL

CVSS:10.0(Critical)

Relative Path Traversal vulnerability in ZkTeco-based OEM devices allows an attacker to write any file on the system with root privileges. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X...

CWE-232023

CVE-2024-0520

CRITICAL

CVSS:10.0(Critical)

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.h...

CWE-232024

CVE-2024-24578

CRITICAL

CVSS:10.0(Critical)

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE...

CWE-232024

CVE-2023-40714

CRITICAL

CVSS:9.9(Critical)

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements

CWE-232023

CVE-2024-3025

CRITICAL

CVSS:9.9(Critical)

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by...

CWE-232024