CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.
Configurations

No configuration.

History

26 Aug 2024, 13:35

Type Values Removed Values Added
CWE CWE-22
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

26 Aug 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-26 07:15

Updated : 2024-08-26 13:35


NVD link : CVE-2024-45256

Mitre link : CVE-2024-45256

CVE.ORG link : CVE-2024-45256


JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')