Description
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.
Published: 2024-11-20
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Update to patched version

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-33394 Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.
History

Mon, 23 Feb 2026 10:45:00 +0000

Type Values Removed Values Added
References

Thu, 20 Nov 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared M-files
M-files m-files Server
CPEs cpe:2.3:a:m-files:m-files_server:*:*:*:*:-:*:*:*
cpe:2.3:a:m-files:m-files_server:*:*:*:*:lts:*:*:*
Vendors & Products M-files
M-files m-files Server
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Fri, 22 Nov 2024 08:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'}

Thu, 21 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'}

Thu, 21 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'}

Wed, 20 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 Nov 2024 08:45:00 +0000

Type Values Removed Values Added
Description Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.
Title Local file inclusion vulnerability in M-Files Server
Weaknesses CWE-552
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

M-files M-files Server
cve-icon MITRE

Status: PUBLISHED

Assigner: M-Files Corporation

Published:

Updated: 2026-02-23T10:20:26.460Z

Reserved: 2024-10-18T13:13:15.236Z

Link: CVE-2024-10126

cve-icon Vulnrichment

Updated: 2024-11-20T20:18:54.253Z

cve-icon NVD

Status : Modified

Published: 2024-11-20T09:15:03.990

Modified: 2026-02-23T11:16:16.507

Link: CVE-2024-10126

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses