CVE-2024-10126

Summary

Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.

Affected Software

VendorProductVersion RangeStatus
M-Files Corporation"M-Files Server0 < 24.11affected
M-Files Corporation"M-Files Server23.8 SR7unaffected
M-Files Corporation"M-Files Server24.2 SR3unaffected
M-Files Corporation"M-Files Server24.8 SR1unaffected

Weaknesses

  • CWE-552: CWE-552 Files or Directories Accessible to External Parties

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References