CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.znuny.org/en/advisories/zsa-2024-01	Vendor Advisory
https://znuny.com	Product
https://www.znuny.org/en/advisories/zsa-2024-01	Vendor Advisory
https://znuny.com	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:znuny:znuny:::::lts:::*
	cpe:2.3:a:znuny:znuny:::::-:::*

History

02 Sep 2025, 21:21

Type	Values Removed	Values Added
References	~~() https://www.znuny.org/en/advisories/zsa-2024-01 -~~	() https://www.znuny.org/en/advisories/zsa-2024-01 - Vendor Advisory
References	~~() https://znuny.com -~~	() https://znuny.com - Product
CPE		cpe:2.3:a:znuny:znuny:::::lts:::* cpe:2.3:a:znuny:znuny:::::-:::*
First Time		Znuny znuny Znuny

Information

Published : 2024-04-29 17:15

Updated : 2025-09-02 21:21

NVD link : CVE-2024-32491

Mitre link : CVE-2024-32491

CVE.ORG link : CVE-2024-32491

JSON object : View

Products Affected

znuny

znuny

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-32491", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-04-29T17:15:19.183", "references": [{"url": "https://www.znuny.org/en/advisories/zsa-2024-01", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://znuny.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.znuny.org/en/advisories/zsa-2024-01", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://znuny.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Znuny y Znuny LTS 6.0.31 a 6.5.7 y Znuny 7.0.1 a 7.0.16 donde un usuario que inici\u00f3 sesi\u00f3n puede cargar un archivo (a trav\u00e9s de una solicitud AJAX manipulada) a una ubicaci\u00f3n de escritura arbitraria atravesando rutas. Se puede ejecutar c\u00f3digo arbitrario si esta ubicaci\u00f3n est\u00e1 disponible p\u00fablicamente a trav\u00e9s del servidor web."}], "lastModified": "2025-09-02T21:21:38.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "E616E701-B053-44AD-B63F-A56EB0AB6A73", "versionEndIncluding": "6.5.7", "versionStartIncluding": "6.0.31"}, {"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "773D66F5-535A-4EF9-A078-078B77470959", "versionEndIncluding": "7.0.16", "versionStartIncluding": "7.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}