exploitDog

GHSA-5prg-92hj-2g9x

Опубликовано: 25 июн. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

In WhatsUp Gold versions released before 2023.1.3,

an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.

In WhatsUp Gold versions released before 2023.1.3,

an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.

Ссылки

EPSS

Процентиль: 96%

0.27191

Средний

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2024-5008

CVSS3: 8.8

nvd

больше 1 года назад

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.

EPSS

Процентиль: 96%

0.27191

Средний

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434