GHSA-f86q-9xmw-hpfx

Опубликовано: 08 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2024-24498
https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-Unauthenticated_Unrestricted_File_Upload_To_RCE.md

9.8 Critical

CVSS3

CVE ID

CVE-2024-24498

Дефекты

CWE-434

Связанные уязвимости

CVE-2024-24498

nvd

почти 2 года назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1008. Reason: This candidate is a duplicate of CVE-2024-1008. Notes: All CVE users should reference CVE-2024-1008 instead of this candidate.

9.8 Critical

CVSS3

CVE ID

CVE-2024-24498

Дефекты

CWE-434