CVE-2024-8525— Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-8525
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload
Source: NVD (National Vulnerability Database)
Vulnerability Description
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
危险类型文件的不加限制上传
Source: NVD (National Vulnerability Database)
Vulnerability Title
Automated Logic WebCtrl 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Automated Logic WebCtrl是美国Automated Logic公司的一个基于 Web 的楼宇自动化系统的服务器。 Automated Logic WebCtrl 7.0版本存在代码问题漏洞,该漏洞源于不受限制的危险类型文件上传,可能导致未认证用户通过构造的 HTTP POST 请求执行远程命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Automated Logic, a Carrier company | WebCTRL | 7.0 | - | |
| Carrier | i-Vu | 7.0 | - |
II. Public POCs for CVE-2024-8525
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-8525
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: WebCTRL
- CVE-2025-14295
Automated Logic WebCTRL and Carrier i-Vu Session Fixation - CVE-2024-5540
ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting - CVE-2024-5539
ALC WebCTRL Carrier i-Vu Access Control Bypass - CVE-2025-0657
ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index ou - CVE-2024-8528
ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized pa
Same weakness: CWE-434
- CVE-2021-47943
TextPattern CMS 4.8.7 Remote Code Execution via File Upload - CVE-2021-47937
e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme - CVE-2026-41517
Emlog: Remote Code Execution via Malicious Plugin Upload - CVE-2026-6692
Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber - CVE-2026-41587
CI4MS: Unrestricted PHP File Upload via Theme Installation L
V. Comments for CVE-2024-8525
No comments yet