Lucene search

CVE-2024-7342

🗓️ 01 Aug 2024 05:10:15Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 58 Views🌐 WEB

Vulnerability in Baidu UEditor 1.4.3.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 3
Cvelist	CVE-2024-7342 Baidu UEditor unrestricted upload	1 Aug 202404:31	–	cvelist
Vulnrichment	CVE-2024-7342 Baidu UEditor unrestricted upload	1 Aug 202404:31	–	vulnrichment
NVD	CVE-2024-7342	1 Aug 202405:15	–	nvd

Nvd

Vulners

Vulnrichment

Node

baidu ueditorRange≤1.4.3.3

[
  {
    "vendor": "Baidu",
    "product": "UEditor",
    "versions": [
      {
        "version": "1.4.3.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/Hebing123/cve/issues/62
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
action	query param	/ueditor/php/controller.php	Unrestricted file upload vulnerability in Baidu UEditor allows remote attackers to upload arbitrary files through the upfile parameter.	CWE-434
encode	query param	/ueditor/php/controller.php	Unrestricted file upload vulnerability in Baidu UEditor allows remote attackers to upload arbitrary files through the upfile parameter.	CWE-434
upfile	query param	/ueditor/php/controller.php	Unrestricted file upload vulnerability in Baidu UEditor allows remote attackers to upload arbitrary files through the upfile parameter.	CWE-434

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Aug 2024 05:15Current

4Medium risk

Vulners AI Score4

CVSS24

CVSS33.5 - 6.1

CVSS45.3

EPSS0.00083

SSVC

CWE-434