CRITICAL🇵🇱 Wersja polska

CVE-2024-32491

CVSS 9.8v3.1pub. 2024-04-29upd. 2025-09-02

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server.

🤖 AI Analysis
How it works

A logged-in user can send a manipulated AJAX request to the application in which the target file path contains path traversal sequences (e.g., '../'). The file upload mechanism does not properly validate the path, allowing any file to be saved outside the intended directory. If the selected target directory is publicly accessible through the web server, the uploaded file (e.g., PHP script or other executable) can be executed remotely, leading to full code execution on the server.

Impact

An attacker with an active session can trigger remote code execution (RCE) on the server, which consequently enables full system takeover, data theft, configuration modification, and further lateral movement within the network.

Mitigation & patch

Apply patches available from the vendor according to the references (https://www.znuny.org/en/advisories/zsa-2024-01). Until the fix is deployed, it is recommended to restrict application access exclusively to trusted, authenticated users and monitor attempts to upload files with unusual paths.

Who is affected

Znuny LTS versions 6.0.31 – 6.5.7 and Znuny versions 7.0.1 – 7.0.16

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Znuny

    APP
    Znuny
    6.0.31 – 6.5.77.0.1 – 7.0.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-26846CRITICAL9.8PL ✓ten sam produkt

Brak weryfikacji uprawnień w Generic Interface systemu Znuny (eskalacja uprawnień)

CVE-2025-26845CRITICAL9.8PL ✓ten sam produkt

Eval Injection w Znuny umożliwia zdalne wykonanie poleceń

CVE-2025-26844CRITICAL9.8PL ✓ten sam produkt

Znuny: Ciasteczko sesji bez flagi HttpOnly — ryzyko kradzieży sesji

CVE-2025-26847HIGH7.5ten sam produkt

An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.

CVE-2025-26842HIGH7.5ten sam produkt

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encr...