exploitDog

CVE-2024-8651

Опубликовано: 19 сент. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others.

Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.

Ссылки

https://github.com/klsecservices/Advisories/blob/master/K-NetCat-2024-001.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netcat:netcat_content_management_system:*:*:*:*:-:*:*:*

Версия до 6.4.0.24248 (исключая)

EPSS

Процентиль: 38%

0.0017

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-204

CWE-203

Связанные уязвимости

GHSA-6gcw-xcpf-vr88

CVSS3: 5.3

github

больше 1 года назад

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.

EPSS

Процентиль: 38%

0.0017

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-204

CWE-203