exploitDog

CVE-2023-24836

Опубликовано: 27 апр. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service.

Ссылки

https://www.twcert.org.tw/tw/cp-132-7033-878ab-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7033-878ab-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sun.net:ehrd_ctms:7.0_1227:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00444

Низкий

8.8 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-6f3w-c86g-f4j3

CVSS3: 8.8

github

почти 3 года назад

SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service.

EPSS

Процентиль: 63%

0.00444

Низкий

8.8 High

CVSS3

Дефекты

CWE-22