Lucene search

[email protected]NVD:CVE-2024-39118

HistoryJul 09, 2024 - 5:15 p.m.

CVE-2024-39118

2024-07-0917:15:48

[email protected]

web.nvd.nist.gov

mommy heather backups arbitrary write

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

Percentile

15.9%

JSON

Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up.

Affected configurations

Nvd

Node

mommyheatheradvanced_backupsRange<3.6

VendorProductVersionCPE
mommyheatheradvanced_backups*cpe:2.3:a:mommyheather:advanced_backups:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mommyheather	advanced_backups	*	cpe:2.3:a:mommyheather:advanced_backups::::::::

References

gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed

github.com/MommyHeather/AdvancedBackups/commit/1545f499f73bf434ed292c31121fdda8042ff5d6

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

Percentile

15.9%

JSON

Related for NVD:CVE-2024-39118

cvelist1 osv1 vulnrichment1 cve1