CVE-2025-24971 | DumbWareio DumbDrop /upload/init os command injection (GHSA-rx8m-jqm7-vcgp)

Posted by Angelo Barbosa | Feb 4, 2025 | CVE

A vulnerability was found in DumbWareio DumbDrop. It has been rated as very critical. Affected by this issue is some unknown functionality of the file /upload/init. The manipulation leads to os command injection.

This vulnerability is handled as CVE-2025-24971. The attack may be launched remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-24971 | DumbWareio DumbDrop /upload/init os command injection (GHSA-rx8m-jqm7-vcgp)

Related Posts

CVE-2024-3035 | GitLab Community Edition/Enterprise Edition up to 17.0.5/17.1.3/17.2.1 LFS Token authorization

CVE-2024-13648 | icopydoc Maps for WP Plugin up to 1.2.4 on WordPress Shortcode MapOnePoint cross site scripting

CVE-2024-1278 | Easy Social Feed Plugin up to 6.5.4 on WordPress Shortcode cross site scripting

CVE-2024-51549 | ABB ASPECT-Enterprise/NEXUS/MATRIX up to 3.08.02 absolute path traversal