CVE-2024-2565

EUVD-2024-27514
A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257064.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
pandaxpandax
𝑥
≤ 2024-03-10
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
panda_xgopandax
𝑥
< 20240310
ADP
Common Weakness Enumeration
References
https://github.com/PandaXGO/PandaX/issues/5
https://vuldb.com/?ctiid.257064
https://vuldb.com/?id.257064
https://github.com/PandaXGO/PandaX/issues/5
https://vuldb.com/?ctiid.257064
https://vuldb.com/?id.257064