Published: 06/02/2024 Updated: 13/02/2024

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows malicious users to upload arbitrary files via the upload audio component.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ispyconnect agent dvr 5.1.6.0

CVE-2024-22515 arbitrary file upload and CVE-2024-22514 remote code execution for AgentDVR 5.1.6.0 (Authenticated)

AgentDVR-5160-File-Upload-and-Remote-Code-Execution CVE-2024-22515 arbitrary file upload and CVE-2024-22514 remote code execution for AgentDVR 5160 (Authenticated) (Older versions likely affected) githubcom/Orange-418/CVE-2024-22514-Remote-Code-Execution githubcom/Orange-418/CVE-2024-22515-File-Upload-Vulnerability wwwispyconnectcom/ ww

CVE-2024-22515: File Upload Vulnerability in Agent DVR Information Description In iSpyConnectcom Agent DVR 5160, there is a lack of verification of file type for sound file uploads This allows an authenticated user to upload any file type through the upload audio component simply by toggling to all files in the file open dialog Additional Information This vulnerability ma

CWE-434 https://github.com/Orange-418/CVE-2024-22515-File-Upload-Vulnerability https://nvd.nist.gov https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution

CVE-2024-22515

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect