exploitDog

CVE-2024-1527

Опубликовано: 12 мар. 2024

Источник: nvd

CVSS3: 9.8

CVSS3: 8.8

EPSS Низкий

Описание

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.14:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00056

Низкий

9.8 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-48xv-cpgv-hr4q

CVSS3: 9.8

github

почти 2 года назад

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.

EPSS

Процентиль: 18%

0.00056

Низкий

9.8 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434