Lucene search
CVE-2024-6647
Critical unrestricted upload vulnerability found in unsupported Croogo up to 4.0.
Show more
| Reporter | Title | Published | Views | Family All 3 |
|---|---|---|---|---|
 | CVE-2024-6647 Croogo Setting Theme unrestricted upload | 10 Jul 202418:00 | – | cvelist |
 | CVE-2024-6647 | 10 Jul 202418:15 | – | nvd |
 | CVE-2024-6647 Croogo Setting Theme unrestricted upload | 10 Jul 202418:00 | – | vulnrichment |
[
{
"vendor": "n/a",
"product": "Croogo",
"versions": [
{
"version": "4.0.0",
"status": "affected"
},
{
"version": "4.0.1",
"status": "affected"
},
{
"version": "4.0.2",
"status": "affected"
},
{
"version": "4.0.3",
"status": "affected"
},
{
"version": "4.0.4",
"status": "affected"
},
{
"version": "4.0.5",
"status": "affected"
},
{
"version": "4.0.6",
"status": "affected"
},
{
"version": "4.0.7",
"status": "affected"
}
],
"modules": [
"Setting Handler"
]
}
]| Source | Link |
|---|---|
| vuldb | www.vuldb.com/ |
| vuldb | www.vuldb.com/ |
| github | www.github.com/DeepMountains/Mirage/blob/main/CVE-1.md |
| vuldb | www.vuldb.com/ |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| Content-Type | header | /admin/settings/settings/prefix/Theme | Unrestricted file upload vulnerability due to improper handling of Content-Type header. | CWE-434 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo10 Jul 2024 18:15Current
4.9Medium risk
Vulners AI Score4.9
CVSS25.8
CVSS34.7
CVSS45.1
EPSS0.00114
SSVC