← Back

CVE-2024-50620

nvd nist
Published: Feb 11, 2026Modified: Feb 20, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading files on the document management page. Those executables can be executed if they are not stored in a shared directory or if the storage directory has executed permissions.

Affected (1)

Products: Cipplanner: Cipace
Cipplanner
1 product
Cipace
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Cipace
Before 9.17

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Permissions Required

Timeline

No history available yet.