exploitDog

CVE-2024-3778

Опубликовано: 15 апр. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code.

Ссылки

https://www.twcert.org.tw/tw/cp-132-7732-9a54e-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7732-9a54e-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ai3:qbibot:-:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00304

Низкий

7.2 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-895x-rw6g-623x

CVSS3: 7.2

github

почти 2 года назад

The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code.

EPSS

Процентиль: 53%

0.00304

Низкий

7.2 High

CVSS3

Дефекты

CWE-434