Lucene search

PatchstackCVE-2024-43249

HistoryAug 19, 2024 - 6:15 p.m.

CVE-2024-43249

2024-08-1918:15:11

CWE-434

Patchstack

web.nvd.nist.gov

vulnerability

file upload

command injection

bit form pro

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.This issue affects Bit Form Pro: from n/a through 2.6.4.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

bitappsbit_formRange≤2.6.4prowordpress

VendorProductVersionCPE
bitappsbit_form*cpe:2.3:a:bitapps:bit_form:*:*:*:*:pro:wordpress:*:*

Vendor	Product	Version	CPE
bitapps	bit_form	*	cpe:2.3:a:bitapps:bit_form:::::pro:wordpress::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Bit Form Pro",
    "vendor": "Bit Apps",
    "versions": [
      {
        "lessThanOrEqual": "2.6.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/bitformpro/wordpress-bit-form-pro-plugin-2-6-4-authenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Related for CVE-2024-43249