CVE-2024-52372
CVSS 3.1 Score 10.0 of 10 (high)
Details
Published Nov 14, 2024
Updated: Nov 15, 2024
CWE ID 434
Summary
CVE-2024-52372 is a newly discovered vulnerability affecting the WebTechGlobal Easy CSV Importer BETA software. This issue enables an Unrestricted File Upload of dangerous types, allowing an attacker to upload a web shell to a web server. The vulnerability spans from all versions prior to 7.0.0, putting a significant number of installations at risk. An attacker can exploit this flaw to gain unauthorized access and potentially take control of the affected web server.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share