VYPR
Unrated severityNVD Advisory· Published Jun 24, 2024· Updated Aug 1, 2024

Bludit - Remote Code Execution (RCE) through File API

CVE-2024-24550

Description

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Bludit/Bluditllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 3.14.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.