CVE-2024-24551

HIGH

Bludit - Authenticated RCE

Title source: llm

Description

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

References (1)

[Exploit, Third Party Advisory] https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

Scores

CVSS v3 8.8

EPSS 0.0022

EPSS Percentile 44.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502 CWE-434 CWE-77

Status published

Affected Products (1)

bludit/bludit < 3.15.0

Timeline

Published Jun 24, 2024

Tracked Since Feb 18, 2026