Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-48450

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Oct, 2024 | 00:00
Updated At-29 Oct, 2024 | 20:44
Rejected At-
Credits

An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Oct, 2024 | 00:00
Updated At:29 Oct, 2024 | 20:44
Rejected At:
▼CVE Numbering Authority (CNA)

An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-48450
N/A
Hyperlink: https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-48450
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
hcengineering
Product
huly
CPEs
  • cpe:2.3:a:hcengineering:huly:0.6.295:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 0.6.295
Problem Types
TypeCWE IDDescription
CWECWE-918CWE-918 Server-Side Request Forgery (SSRF)
Type: CWE
CWE ID: CWE-918
Description: CWE-918 Server-Side Request Forgery (SSRF)
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Oct, 2024 | 19:15
Updated At:29 Oct, 2024 | 21:35

An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-918Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-918
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-48450cve@mitre.org
N/A
Hyperlink: https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-48450
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2024-27707
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 13.91%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 00:00
Updated-06 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file.

Action-Not Available
Vendor-n/ahcengineering
Product-n/ahuly
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-1285
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.3||HIGH
EPSS-0.94% / 75.33%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 05:55
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) in gogs/gogs

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.

Action-Not Available
Vendor-gogsgogs
Product-gogsgogs/gogs
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-24570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.73%
||
7 Day CHG~0.00%
Published-29 Sep, 2020 | 19:44
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.

Action-Not Available
Vendor-mbconnectlinen/a
Product-mymbconnect24mbconnect24n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-24515
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-5.2||MEDIUM
EPSS-0.23% / 46.06%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 12:59
Updated-03 Oct, 2024 | 13:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server side request forgery in api checker

Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-30678
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.91%
||
7 Day CHG+0.01%
Published-17 Jun, 2025 | 19:56
Updated-20 Jun, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-Trend Micro Apex Central
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-30679
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.91%
||
7 Day CHG+0.01%
Published-17 Jun, 2025 | 19:56
Updated-20 Jun, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-Trend Micro Apex Central
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-23718
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 57.02%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 17:00
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-side Request Forgery (SSRF)

The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.

Action-Not Available
Vendor-ssrf-agent_projectn/a
Product-ssrf-agentssrf-agent
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
Details not found