CVE-2024-33120

Published: May 7, 2024Modified: May 1, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file.

Affected (1)

Products: Roothub: Roothub

Roothub

1 product

Roothub

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Roothub Roothub	Version 2.5.0

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

http://roothub.com

Source: cve@mitre.org

Not Applicable

https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/33120.txt

Source: cve@mitre.org

Third Party Advisory

http://roothub.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/33120.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.