CVE-2024-9985
Published 2024-10-15
Priority P359 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.63% (45.4th percentile)
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ragic | enterprise_cloud_database | < 2024/08/08 09:45:25 | 2024/08/08 09:45:25 |
| ragic | enterprise_cloud_database | < 2024-08-08 | 2024-08-08 |
No detection rules found.
Nuclei
Calibre <= 7.14.0 Arbitrary File Read
nuclei·CVSS 7.5
CVE-2024-6781 [HIGH] Calibre <= 7.14.0 Arbitrary File Read
Arbitrary file read via Calibre’s content server in Calibre <= 7.14.0.
Template:

```yaml
id: CVE-2024-6781

info:
  name: Calibre <= 7.14.0 Arbitrary File Read
  author: DhiyaneshDK
  severity: high
  description: |
    Arbitrary file read via Calibre’s content server in Calibre <= 7.14.0.
  impact: |
    Attackers can exploit the content server's export functionality to read arbitrary files from the system through path traversal.
  remediation: |
    Update Calibre to version 7.15.0 or later to address the arbitrary file read vulnerability.
  reference:
    - https://starlabs.sg/advisories/24/24-6781/
  classification:
    cve-id: CVE-2024-6781
    cwe-id: CWE-22
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    epss-score: 0.93721
    epss-percentile: 0.9985
    cpe: cpe:2.3:a:
```