An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file.
History

Thu, 13 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Bluexsx
Bluexsx box-im
CPEs cpe:2.3:a:bluexsx:box-im:2.0:*:*:*:*:*:*:*
Vendors & Products Bluexsx
Bluexsx box-im
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 20 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-24T14:06:03.524Z

Updated: 2025-02-13T15:59:06.686Z

Reserved: 2024-05-17T00:00:00.000Z

Link: CVE-2024-35592

cve-icon Vulnrichment

Updated: 2024-08-02T03:14:53.431Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-24T14:15:17.287

Modified: 2024-11-21T09:20:30.733

Link: CVE-2024-35592

cve-icon Redhat

No data.