{"id":"CVE-2024-44373","details":"A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.06_06 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/save_file.php.","modified":"2025-12-05T12:31:57.378874Z","published":"2025-08-19T19:15:33.497Z","references":[{"type":"WEB","url":"https://gh0stmezh.wordpress.com/2024/08/25/cve-2024-44373/"},{"type":"WEB","url":"https://github.com/AllskyTeam/allsky/blob/master/html/includes/save_file.php"},{"type":"WEB","url":"https://lean-strand-cb6.notion.site/CVE-2024-44373-21efbd400a6c80f4a5abf5d5eb9b068c"},{"type":"PACKAGE","url":"https://github.com/AllskyTeam/allsky"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/allskyteam/allsky","events":[{"introduced":"1aa38317274600a0cabf2c3c3d1ca1b9a42d099e"},{"last_affected":"171b15cac1eb5ec972fea85e596ab8e2b74e2ba1"}]}],"versions":["v2023.05.01","v2023.05.01_01","v2023.05.01_02","v2023.05.01_03","v2023.05.01_04","v2023.05.01_05","v2024.12.06","v2024.12.06_01","v2024.12.06_02","v2024.12.06_03","v2024.12.06_04","v2024.12.06_05","v2024.12.06_06"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44373.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}