Home

Description

A Path Traversal vulnerability in AllSky v2023.05.01_04 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/save_file.php.

PUBLISHED Reserved 2024-08-21 | Published 2025-08-19 | Updated 2025-08-19 | Assigner mitre

References

github.com/AllskyTeam/allsky

github.com/...allsky/blob/master/html/includes/save_file.php

lean-strand-cb6.notion.site/...fbd400a6c80f4a5abf5d5eb9b068c

cve.org (CVE-2024-44373)

nvd.nist.gov (CVE-2024-44373)

Download JSON