Vulnerability Monitor

CVE-2024-52305


UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, which creates a new admin account and offers an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, potentially leading to the theft of session cookies. This vulnerability is fixed in 0.1.5.


Published: 2024-11-13T16:15:20.473

Last Modified: 2024-11-19T18:04:12.680

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-616
    CWE-692

Affected Vendors & Products

| Type        | Vendor | Product | Version/Range | Vulnerable? |
|-------------|--------|---------|---------------|-------------|
| Application | webkul | unopim  | < 0.1.5       | Yes         |
