CVE-2024-10126: Local file inclusion vulnerability in M-Files Server
First published: Wed Nov 20 2024(Updated: )
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.
Credit: security@m-files.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| M-Files | <24.11 |
Remedy
Update to patched version
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-10126?
CVE-2024-10126 has a medium severity rating due to its potential for local file exposure to authenticated users.
How do I fix CVE-2024-10126?
To mitigate CVE-2024-10126, upgrade M-Files Server to version 24.11 or apply relevant security patches as indicated.
Which versions of M-Files Server are vulnerable to CVE-2024-10126?
CVE-2024-10126 affects M-Files Server versions prior to 24.11, excluding 24.8 SR1, 24.2 SR3, and 23.8 SR7.
Can an unauthenticated user exploit CVE-2024-10126?
No, CVE-2024-10126 requires the attacker to be an authenticated user to exploit the local file inclusion vulnerability.
What types of files can be accessed through CVE-2024-10126?
CVE-2024-10126 allows access to a limited set of local file types via document preview.
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/m-files
- canonical/m-files