Lucene search

[email protected]NVD:CVE-2024-36774

HistoryJun 06, 2024 - 10:15 p.m.

CVE-2024-36774

2024-06-0622:15:10

CWE-434

[email protected]

web.nvd.nist.gov

arbitrary file upload

monstra cms

version 3.0.4

vulnerability

arbitrary code execution

crafted php file

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

JSON

An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.

Affected configurations

Nvd

Node

monstramonstraMatch3.0.4

VendorProductVersionCPE
monstramonstra3.0.4cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
monstra	monstra	3.0.4	cpe:2.3:a:monstra:monstra:3.0.4:::::::*

References

github.com/OoLs5/VulDiscovery/blob/main/poc.docx

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

JSON

Related for NVD:CVE-2024-36774

osv1 cve1 vulnrichment1 cvelist1