Lucene search

INCIBECVELIST:CVE-2024-1527

HistoryMar 12, 2024 - 3:19 p.m.

CVE-2024-1527 Unrestricted Upload of File with Dangerous Type in CMS Made Simple

2024-03-1215:19:52

CWE-434

INCIBE

www.cve.org

cms made simple

file upload vulnerability

remote execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CMS Made Simple",
    "vendor": "CMS Made Simple",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.14"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-1527