{"data":{"id":"5d95d170-91bd-463d-adb2-be663d2a0f60","title":"CVE-2024-51743: MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitr","summary":"MarkUs (a web application for student assignment submission and grading) has a vulnerability in versions before 2.4.8 that allows authenticated instructors to write files anywhere on the web server, potentially leading to remote code execution (the ability to run commands on a system from a distance). This happens because the file upload methods don't properly restrict where files can be saved.","solution":"Upgrade to MarkUs v2.4.8 or later. The source states: 'MarkUs v2.4.8 has addressed this issue' and notes that 'no known workarounds are available at the application level aside from upgrading.'","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-51743","publishedAt":"2024-11-19T01:15:05.900Z","cveId":"CVE-2024-51743","cweIds":["CWE-434"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MarkUs"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.02008,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-1"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}