CVE-2024-48069

A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges

CVSS

No CVSS.

References

Link	Resource
https://gist.github.com/CoinIsMoney/5dd555805e8f974630ced8a1df8182f1	Third Party Advisory
https://github.com/stuven1989/TemporaryGuild/blob/main/guild2.md	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:weaver:e-cology:9.0:*:*:*:*:*:*:*

History

05 Jun 2025, 13:54

Type	Values Removed	Values Added
CPE		cpe:2.3:a:weaver:e-cology:9.0:::::::*
First Time		Weaver e-cology Weaver
References	~~() https://gist.github.com/CoinIsMoney/5dd555805e8f974630ced8a1df8182f1 -~~	() https://gist.github.com/CoinIsMoney/5dd555805e8f974630ced8a1df8182f1 - Third Party Advisory
References	~~() https://github.com/stuven1989/TemporaryGuild/blob/main/guild2.md -~~	() https://github.com/stuven1989/TemporaryGuild/blob/main/guild2.md - Broken Link

20 Nov 2024, 16:15

Type	Values Removed	Values Added
Summary	A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of Weaver Ecology v9.* allows attackers to execute arbitrary code via injecting a crafted payload into the name of an uploaded file.	A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges

19 Nov 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-19 18:15

Updated : 2025-06-05 13:54

NVD link : CVE-2024-48069

Mitre link : CVE-2024-48069

JSON object : View

Products Affected

weaver

e-cology

CWE

No CWE.

JSON object

Attach tags to CVE-2024-48069

Attach tags to `CVE-2024-48069`