CVE-2024-52306 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-52306

CVE-2024-52306

November 13, 2024

FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.

Related Resources (4)

https://github.com/Laravel-Backpack/FileManager

https://nvd.nist.gov/vuln/detail/CVE-2024-52306

https://github.com/Laravel-Backpack/FileManager/security/advisories/GHSA-8237-957h-h2c2

https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b

Do you need more information?

CVSS v4

Base Score:

8.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

HIGH

Subsequent System Availability

HIGH

CVSS v3

Base Score:

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

EPSS

Base Score:

3.71

Products

Solutions

Resources

Company

Compare

Developer Tools