Lucene search

[email protected]CVE-2024-34909

HistoryMay 15, 2024 - 8:15 p.m.

CVE-2024-34909

2024-05-1520:15:13

CWE-434

CWE-79

[email protected]

web.nvd.nist.gov

arbitrary code execution

pdf file upload

security vulnerability

cve-2024-34909

nvd

kykms v1.0.1

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

7.7 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.

Affected configurations

NVD

Node

kykmskykmsRange≤1.0.1

CPENameOperatorVersion
kykms:kykmskykmsle1.0.1

CPE	Name	Operator	Version
kykms:kykms	kykms	le	1.0.1

References

github.com/Joying-C/Cross-site-scripting-vulnerability/tree/main/KYKMS_Cross_site%20_scripting%20_vulnerability