CVE-2024-57248

{"id": "CVE-2024-57248", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2025-02-07T16:15:38.043", "references": [{"url": "https://packetstorm.news/files/id/189021", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.gleamtech.com/filevista", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files."}, {"lang": "es", "value": "Directory Traversal durante la carga de archivos en Gleamtech FileVista 9.2.0.0 permite a atacantes remotos lograr la ejecuci\u00f3n de c\u00f3digo, la divulgaci\u00f3n de informaci\u00f3n y la escalada de privilegios mediante la inyecci\u00f3n de payloads en solicitudes HTTP para manipular rutas de archivos, eludir controles de acceso y cargar archivos maliciosos."}], "lastModified": "2025-09-15T18:06:08.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gleamtech:filevista:9.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8D553A7-0E37-4600-A567-3E34CC6103A3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}