CVE-2024-52372

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Nov 14, 2024
Updated: Nov 15, 2024
CWE ID 434

Summary

CVE-2024-52372 is a newly discovered vulnerability affecting the WebTechGlobal Easy CSV Importer BETA software. This issue enables an Unrestricted File Upload of dangerous types, allowing an attacker to upload a web shell to a web server. The vulnerability spans from all versions prior to 7.0.0, putting a significant number of installations at risk. An attacker can exploit this flaw to gain unauthorized access and potentially take control of the affected web server.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share