exploitDog

CVE-2024-11018

Опубликовано: 11 нояб. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.

Ссылки

https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8213-3413b-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*

Версия от 6 (включая) до 6.5.1 (исключая)

cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*

Версия от 7 (включая) до 7.2.3 (исключая)

EPSS

Процентиль: 83%

0.01946

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-4gq7-5m56-j2gf

CVSS3: 9.8

github

около 1 года назад

Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.

EPSS

Процентиль: 83%

0.01946

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434