VYPR
Unrated severity · NVD Advisory · Published Apr 11, 2024 · Updated Aug 28, 2024

CVE-2024-29399


Description

An issue was discovered in GNU Savane v3.13 and before that allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file sent to the upload.php component.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

  • GNU/Savane (source: description)
  • GNU/Savane (source: llm-create)
    Range: <=3.13

Patches

Vulnerability mechanics

Root cause

"A lack of validation on uploaded files allows for the upload of dangerous file types."

Attack vector

An attacker can visit the `/register/upload.php` component and upload a malicious file, such as an HTML or PHP file, depending on the web server's configuration [ref_id=1]. If the web server is configured according to the installation instructions, this can lead to Cross-Site Scripting (XSS). In misconfigured servers, this vulnerability can be exploited for Remote Code Execution (RCE) [ref_id=1]. The attacker then visits the link to the uploaded file to trigger the malicious code execution.

Affected code

The vulnerability lies within the `upload.php` component of GNU Savane, specifically in versions 3.13 and prior. The issue stems from a lack of validation on uploaded files, allowing for the upload of dangerous file types [ref_id=1].

What the fix does

The advisory recommends upgrading to Savane version 3.14 or higher to mitigate this vulnerability [ref_id=1]. The patch, available at the provided link, addresses the unrestricted upload of files with dangerous types by implementing proper validation on uploaded files [ref_id=1]. This prevents the execution of arbitrary code and privilege escalation.
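As an added defensive example, not Savane's own code and not the 3.14 patch, the handler below shows the controls a fix for unrestricted upload typically relies on: an allowlist of extensions cross-checked against the MIME type sniffed from the file bytes, server-generated filenames, storage outside the web root, and a download endpoint that serves the file with a fixed Content-Type rather than linking straight into a web-exposed directory. The storage path, size limit and allowlist are assumptions for illustration.

```php
<?php
// Added example of hardened upload validation. Not GNU Savane's code or its
// 3.14 patch; UPLOAD_DIR, MAX_BYTES and ALLOWED are assumed values.

declare(strict_types=1);

const UPLOAD_DIR = '/var/lib/example-app/uploads'; // assumed: outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;                // assumed: 2 MiB ceiling

// Allowlist of extension => accepted sniffed MIME types. Anything a web server
// or browser might execute or render as active content (php, phtml, html,
// svg, ...) is deliberately absent; a denylist would miss variants.
const ALLOWED = [
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
    'txt'  => ['text/plain'],
];

/**
 * Validate one $_FILES entry and move it into UPLOAD_DIR under a random name.
 * Returns the stored filename or throws RuntimeException on any failure.
 */
function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error code ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Only the final extension of the client-supplied name counts, lower-cased,
    // so a name with several extensions is judged by its last one and the
    // original name never reaches the filesystem.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // Sniff the real content type from the bytes; $file['type'] is attacker
    // controlled and must not be trusted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }

    // Server-chosen random name: no path traversal, no interpreter-triggering
    // names, and nothing the uploader picked.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move file');
    }
    chmod($dest, 0640); // never executable
    return $stored;
}

/**
 * Serve a stored file through PHP with a fixed, safe Content-Type and as an
 * attachment, so the web server never interprets uploads itself.
 */
function serve_upload(string $stored): void
{
    if (!preg_match('/^[a-f0-9]{32}\.([a-z]+)$/', $stored, $m) || !isset(ALLOWED[$m[1]])) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $stored;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . ALLOWED[$m[1]][0]);
    header('Content-Disposition: attachment; filename="' . $stored . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Minimal request glue for the upload form field named "upload" (assumed name).
if (PHP_SAPI !== 'cli' && isset($_FILES['upload'])) {
    try {
        $name = store_upload($_FILES['upload']);
        echo 'stored as ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

The two halves matter together: validation on the way in keeps executable content out, and serving through `serve_upload()` with `nosniff` and a download disposition means that even a misconfigured server or a permissive browser has no path from "fetch the uploaded file" to "run it in the site's origin", which is the misconfiguration the advisory says turns this into XSS or RCE.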

Preconditions

  • input: The attacker must craft a malicious file (e.g., HTML or PHP).
  • network: The attacker must be able to access the `/register/upload.php` component.
  • config: The web server must be configured in a way that allows for XSS or RCE based on the uploaded file type.

Reproduction

1. Visit `/register/upload.php` in the browser.
2. Upload a malicious file (e.g., PoC.html or PoC.php).
3. Visit the displayed link to the uploaded file to trigger code execution [ref_id=1].

Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

News mentions


No linked articles in our index yet.