Lucene search

[email protected]CVE-2024-27964

HistoryMar 21, 2024 - 5:15 p.m.

CVE-2024-27964

2024-03-2117:15:09

CWE-434

[email protected]

web.nvd.nist.gov

cve-2024-27964

unrestricted upload

file upload

gesundheit bewegt gmbh

zippy

vulnerability

nvd

security

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.9.

Affected configurations

Vulners

Node

gesundheit_bewegt_gmbhzippyRange≤1.6.9

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "zippy",
    "product": "Zippy",
    "vendor": "Gesundheit Bewegt GmbH",
    "versions": [
      {
        "changes": [
          {
            "at": "1.6.10",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.6.9",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-9-arbitrary-file-upload-vulnerability?_s_id=cve

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-27964

nvd1 wpvulndb1 cvelist1 wordfence1