CVE-2024-52305
Last modified
CVE-2024-52305 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Webkul | Unopim | < 0.1.5 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-52305?
How severe is CVE-2024-52305?
How do I fix CVE-2024-52305?
Are you affected by CVE-2024-52305?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST