CVE-2024-57248

MEDIUM

Gleamtech FileVista 9.2.0.0 - Path Traversal and Arbitrary File Upload

Title source: llm

Description

Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://packetstorm.news/files/id/189021

Product

https://www.gleamtech.com/filevista

Scores

CVSS v3 6.3

EPSS 0.0316

EPSS Percentile 86.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

gleamtech/filevista 9.2.0

Published Feb 07, 2025

Tracked Since Feb 18, 2026