CVE-2024-0505: ZhongFuCheng3y Austin Upload Material Menu MaterialController.java getFile unrestricted upload

5.5 CVSS

Description

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation with unknown data leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619.

Classification

CVE ID: CVE-2024-0505

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem Types

CWE-434 Unrestricted Upload

Affected Products

Vendor: ZhongFuCheng3y

Product: Austin

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 27.31% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-08 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0505
https://vuldb.com/?id.250619
https://vuldb.com/?ctiid.250619
https://github.com/biantaibao/Austin-CMS-report/blob/main/File%20Upload%20Vulnerabilities.md

Timeline