exploitDog

CVE-2024-22550

Опубликовано: 26 янв. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.

Ссылки

https://packetstormsecurity.com/files/176312/ShopSite-14.0-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/176312/ShopSite-14.0-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shopsite:shopsite:14.0:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.0009

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-9xx5-8h94-vx2v

CVSS3: 6.1

github

около 2 лет назад

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.

EPSS

Процентиль: 26%

0.0009

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-434

CWE-434