CVE-2024-57408

Опубликовано: 10 фев. 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file.

Ссылки

https://gist.github.com/kaoniniang2/2cfc83a612ba929279ed5fb8b91b45ba
Third Party Advisory
https://github.com/cool-team-official/cool-admin-java
Product
https://github.com/kaoniniang2/exploit/blob/main/Cool-admin-File%20upload%20vulnerability.md
Exploit
Third Party Advisory
https://github.com/kaoniniang2/exploit/blob/main/Cool-admin-File%20upload%20vulnerability.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:beian.miit:cool-admin-java:-:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00237

Низкий

7.2 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-j8hh-6vg7-jqjr