An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file.
References
Configurations
No configuration.
History
13 May 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
12 May 2025, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-12 19:15
Updated : 2025-05-13 19:35
NVD link : CVE-2024-55466
Mitre link : CVE-2024-55466
CVE.ORG link : CVE-2024-55466
JSON object : View
Products Affected
No product.
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')