exploitDog

CVE-2024-11017

Опубликовано: 11 нояб. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.

Ссылки

https://www.twcert.org.tw/en/cp-139-8212-a7d3a-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8211-a2da2-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*

Версия от 6 (включая) до 6.5.1 (исключая)

cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*

Версия от 7 (включая) до 7.2.3 (исключая)

EPSS

Процентиль: 81%

0.01524

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-j5gv-q5p3-x979

CVSS3: 8.8

github

около 1 года назад

Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.

EPSS

Процентиль: 81%

0.01524

Низкий

8.8 High

CVSS3

Дефекты

CWE-434