CVE-2024-29272

moderate-risk
Published 2024-03-22

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.

Do I need to act?

!
89.4% chance of exploitation in next 30 days
EPSS score — higher than 11% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Vvvebjs

Affected Vendors

Vvveb

References (4)

Patch https://github.com/givanz/VvvebJs/commit/c6422cfd4d835c2fa6d512645e30015f24538ef...
Exploit https://github.com/givanz/VvvebJs/issues/343
Patch https://github.com/givanz/VvvebJs/commit/c6422cfd4d835c2fa6d512645e30015f24538ef...
Exploit https://github.com/givanz/VvvebJs/issues/343
49
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal