THREATINT
PUBLISHED

CVE-2024-11404

File Upload Bypass in django Filer

Description

Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3.

Reserved 2024-11-19 | Published 2024-11-20 | Updated 2024-11-20 | Assigner TR-CERT


MEDIUM: 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-20 Improper Input Validation

CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Product status

Default status: unaffected

Versions from 3 before 3.3: affected

Credits

Ali ILTIZAR (finder)

References

www.usom.gov.tr/bildirim/tr-24-1864

www.django-cms.org/...filer-and-django-cms-attributes-field/

iltosec.com/...e-upload-vulnerabilities-in-django-filer-323/

pypi.org/project/django-filer/

cve.org (CVE-2024-11404)

nvd.nist.gov (CVE-2024-11404)
