CVE Catalog

CVE-2024-51367

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.75%

50th percentile - higher than 50% of all known CVEs

Summary

An arbitrary file upload vulnerability in the \Users\username.BlackBoard component of BlackBoard v2.0.0.2 allows attackers to upload a crafted .xml file, leading to arbitrary code execution.

Risk Assessment

The risk includes full server compromise, data theft, or further attacks on internal infrastructure.

Recommendation

Immediately update BlackBoard to the latest version and implement file type validation and upload restrictions on the server.

Original NVD description (English source)

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS