CVE-2024-52490
published 2024-11-28CVE-2024-52490: Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.This issue…
PriorityP186critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.56%
42.5th percentile
Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through <= 2.5.1.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pathomation | pathomation | <= 2.5.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wv9c-gm3f-587q: Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server
ghsa_unreviewed·2024-11-28
CVE-2024-52490 [CRITICAL] CWE-434 GHSA-wv9c-gm3f-587q: Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server
Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through 2.5.1.
VulnCheck
Unrestricted Upload of File with Dangerous Type
vulncheck·2024
CVE-2024-52490 Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through <= 2.5.1.
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/pathomation/vulnerability/wordpress-pathomation-plugin-2-5-1-arbitrary-file-upload-vulnerability; https://www.cve.org/CVERecord?id=CVE-2024-52490
No detection rules found.
No public exploits indexed.
2024-11-28
Published
Exploited in the wild