Vulnerabilities > CVE-2024-52305 - Unspecified vulnerability in Webkul Unopim

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

webkul

NVD

Published: 2024-11-13

Updated: 2024-11-19

Summary

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5.

Vulnerable Configurations

Part	Description	Count
Application	Webkul Webkul Unopim *	1

References

https://github.com/unopim/unopim/commit/9a0da7a0892c60f58df2351b5a9498dcb4cb8b7a
https://github.com/unopim/unopim/security/advisories/GHSA-cgr4-c233-h733