SecuriTricks - CVE-2024-52305

Description

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5.

Product(s) Impacted

Vendor	Product	Versions
Webkul	Unopim	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-616

Incomplete Identification of Uploaded File Variables (PHP)

The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size, $varname_name, $varname_type). These variables could be overwritten by attackers, causing the application to process unauthorized files.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	webkul	unopim	/	/	/	/	/	/	/	/

References

https://github.com/unopim/unopim/commit/9a0da7a0892c60f58df2351b5a9498dcb4cb8b7a

https://github.com/unopim/unopim/security/advisories/GHSA-cgr4-c233-h733

CVSS Score

6.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

View Vector String

Timeline

Published: Nov. 13, 2024, 4:15 p.m.
Last Modified: Nov. 19, 2024, 6:04 p.m.

Status : Analyzed

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

security-advisories@github.com

CVE-2024-52305