exploitDog

CVE-2024-42777

Опубликовано: 21 авг. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.

Ссылки

https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20SignUp.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lopalopa:music_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00231

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-7jcc-v4g6-5284

CVSS3: 9.8

github

больше 1 года назад

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.

EPSS

Процентиль: 46%

0.00231

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

CWE-434