exploitDog

CVE-2024-50919

Опубликовано: 18 нояб. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution

Ссылки

https://gist.github.com/microvorld/516552dcef65acc2d1ab0fb969cd34a3
Third Party Advisory
https://github.com/JPressProjects/jpress
Product
https://github.com/microvorld/CVE-2024/blob/main/jpress.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:jpress:jpress:*:*:*:*:*:*:*:*

Версия до 5.1.1 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00309

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-8vf7-6fh2-6qw4

CVSS3: 9.8

github

около 1 года назад

Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution

EPSS

Процентиль: 54%

0.00309

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94