exploitDog

CVE-2024-25274

Опубликовано: 20 фев. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.

Ссылки

https://gist.github.com/capable-Hub/725c294f1aeac729fa314a32fef55d5a
Third Party Advisory
https://reference1.example.com/login
Product
https://gist.github.com/capable-Hub/725c294f1aeac729fa314a32fef55d5a
Third Party Advisory
https://reference1.example.com/login
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xxyopen:novel-plus:4.3.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00243

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-9p2g-j2pw-qg9p

CVSS3: 9.8

github

почти 2 года назад

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.

EPSS

Процентиль: 47%

0.00243

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434