CVE-2024-38530
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 434
Summary
CVE-2024-38530: Unauthenticated Arbitrary File Upload Vulnerability in Open eClass Platform's H5P Module The Open eClass platform, a Course Management System, is affected by an arbitrary file upload vulnerability in its H5P module. This flaw, uncovered in CVE-2024-38530, allows unauthenticated users to upload arbitrary files to the server's filesystem. Potentially exploitable through the internet, this vulnerability may result in unrestricted Remote Code Execution (RCE) on the backend server. This issue has been remedied in version 3.16.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Openeclass