exploitDog

CVE-2024-2599

Опубликовано: 18 мар. 2024

Источник: nvd

CVSS3: 9.9

CVSS3: 8.8

EPSS Низкий

Описание

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:amss\+\+_project:amss\+\+:4.31:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.0011

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-3x7r-cvw4-596j

CVSS3: 9.9

github

почти 2 года назад

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.

EPSS

Процентиль: 30%

0.0011

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-434