Lucene search

K
cve[email protected]CVE-2024-34909
HistoryMay 15, 2024 - 8:15 p.m.

CVE-2024-34909

2024-05-1520:15:13
CWE-434
CWE-79
web.nvd.nist.gov
22
arbitrary code execution
pdf file upload
security vulnerability
cve-2024-34909
nvd
kykms v1.0.1

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

7.7 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.

Affected configurations

NVD
Node
kykmskykmsRange1.0.1
CPENameOperatorVersion
kykms:kykmskykmsle1.0.1

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

7.7 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

Related for CVE-2024-34909