CVE Catalog

CVE-2024-51366

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.70%

49th percentile - higher than 49% of all known CVEs

Summary

An arbitrary file upload vulnerability was found in the \Roaming\Omega component of OmegaT v6.0.1. It allows an attacker to execute arbitrary code by uploading a crafted .conf file.

Risk Assessment

The risk involves potential remote code execution, which could lead to system compromise, data theft, or malware installation.

Recommendation

It is recommended to immediately update OmegaT to the latest version and restrict .conf file uploads to trusted sources.

Original NVD description (English source)

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS