Lucene search

INCIBECVELIST:CVE-2024-4306

HistoryApr 29, 2024 - 11:56 a.m.

CVE-2024-4306 Unrestricted Upload of File with Dangerous Type vulnerability in HubBank

2024-04-2911:56:36

CWE-434

INCIBE

www.cve.org

cve-2024-4306

unrestricted file upload

hubbank

php files

webshell execution

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HubBank",
    "vendor": "Ofofonobs",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.2"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-hubbank

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-4306