CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.
Configurations

Configuration 1

cpe:2.3:a:gestioip:gestioip:3.5.7:*:*:*:*:*:*:*

History

06 Jun 2025, 15:40

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:gestioip:gestioip:3.5.7:*:*:*:*:*:*:*
First Time | | Gestioip, Gestioip gestioip
References | () http://www.gestioip.net/index.html - | () http://www.gestioip.net/index.html - Product
References | () https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760 - | () https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760 - Exploit, Third Party Advisory
References | () https://github.com/muebel/gestioip-docker-compose - | () https://github.com/muebel/gestioip-docker-compose - Product

23 Jan 2025, 17:15

Type | Values Removed | Values Added
Summary | | (es) A problem in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code through the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, allowing remote command execution.
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 9.8
CWE | | CWE-434

15 Jan 2025, 00:15

Type | Values Removed | Values Added
Summary | (en) An issue in GestiolP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution. | (en) An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.

14 Jan 2025, 22:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2025-01-14 22:15

Updated : 2025-06-06 15:40


NVD link : CVE-2024-48760

Mitre link : CVE-2024-48760

CVE.ORG link : CVE-2024-48760


Products Affected

gestioip

  • gestioip
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type