exploitDog

CVE-2024-29368

Опубликовано: 22 апр. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content.

Ссылки

https://github.com/becpn/mozilocms
Exploit
Third Party Advisory
https://github.com/becpn/mozilocms
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mozilo:mozilocms:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00124

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-p3h5-5h52-p2q2

CVSS3: 6.5

github

почти 2 года назад

An issue discovered in moziloCMS v2.0 allows attackers to bypass file upload restrictions and run arbitrary code by changing the file extension after upload via crafted POST request.

EPSS

Процентиль: 32%

0.00124

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-434