Today > | 13 High | 31 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-10126

Nov. 21, 2024, 3:15 p.m.

Tags

CWE-552
security@m-files.com
2024-11-20
CVE-2024-10126

Product(s) Impacted

M-Files Server

  • before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7)

Description

Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.

Weaknesses

CWE-552
Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

CWE ID: 552

Date

Published: Nov. 20, 2024, 9:15 a.m.

Last Modified: Nov. 21, 2024, 3:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@m-files.com

References

https://product.m-files.com/ security@m-files.com