← Back

CVE-2024-38530

nvd nist
Published: Aug 12, 2024Modified: Aug 13, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerability is fixed in 3.16.

Affected (1)

Openeclass
1 product
Openeclass
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Openeclass
Before 3.16

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.