exploitDog

CVE-2024-26503

Опубликовано: 14 мар. 2024

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.

Ссылки

https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html
Exploit
Third Party Advisory
https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openeclass:openeclass:*:*:*:*:*:*:*:*

Версия до 3.15 (включая)

EPSS

Процентиль: 84%

0.02162

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-gj96-4654-x98q

github

почти 2 года назад

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.

EPSS

Процентиль: 84%

0.02162

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-434