Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2d6g-1cyp-bffe
Summary An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.
Aliases
0
alias CVE-2024-48760
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48760
reference_id
reference_type
scores
0
value 0.70907
scoring_system epss
scoring_elements 0.98725
published_at 2026-06-11T12:55:00Z
1
value 0.70907
scoring_system epss
scoring_elements 0.9873
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48760
1
reference_url https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760
reference_id CVE-2024-48760
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-23T16:30:40Z/
url https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760
2
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52204.txt
reference_id CVE-2024-48760
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52204.txt
3
reference_url https://github.com/muebel/gestioip-docker-compose
reference_id gestioip-docker-compose
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-23T16:30:40Z/
url https://github.com/muebel/gestioip-docker-compose
4
reference_url http://www.gestioip.net/index.html
reference_id index.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-01-23T16:30:40Z/
url http://www.gestioip.net/index.html
Weaknesses
Exploits
0
date_added null
description
This module exploits a command execution via file upload.
If GestioIP is configured to use no authentication for admin account,
no password is required to exploit the vulnerability. Otherwise, an authenticated
user with admin right on the web site is required to exploit.
required_action null
due_date null
notes
Reliability:
  - repeatable-session
Stability:
  - crash-safe
SideEffects:
  - ioc-in-logs
  - config-changes
known_ransomware_campaign_use false
source_date_published 2025-01-14
exploit_type null
platform Linux
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/gestioip_rce.rb
1
date_added 2025-04-14
description GestioIP 3.5.7 - Remote Command Execution (RCE)
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2025-04-14
exploit_type remote
platform multiple
source_date_updated 2025-04-14
data_source Exploit-DB
source_url
Severity_range_score 9.8 - 9.8
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2d6g-1cyp-bffe