CVE-2024-55466

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-77
View all →

Vulnerability Description

An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file.

Related Vulnerabilities

CVE-2016-10849

MEDIUM
CVSS:6.5(Medium)

cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).

CWE-772016

CVE-2017-12094

MEDIUM
CVSS:6.5(Medium)

An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attack...

CWE-772017

CVE-2019-12921

MEDIUM
CVSS:6.5(Medium)

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

CWE-772019

CVE-2019-14944

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to priv...

CWE-772019

CVE-2021-22867

MEDIUM
CVSS:6.5(Medium)

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not...

CWE-772021

CVE-2023-51295

MEDIUM
CVSS:6.5(Medium)

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.

CWE-772023