CVE-2024-7037 - Microsoft Office Online Server File Write/Deletion Vulnerability

1 month ago 19
ARTICLE AD BOX
CVE ID : CVE-2024-7037
Published : Oct. 9, 2024, 8:15 p.m. | 24 minutes ago
Description : In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article