Lucene search

[email protected]NVD:CVE-2024-40125

HistorySep 19, 2024 - 7:15 p.m.

CVE-2024-40125

2024-09-1919:15:24

CWE-434

[email protected]

web.nvd.nist.gov

arbitrary file upload

media manager function

closed-loop technology

cless server

php file

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.9%

JSON

An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.

Affected configurations

Nvd

Node

closed-loopcless_serverMatch4.5.2

VendorProductVersionCPE
closed-loopcless_server4.5.2cpe:2.3:a:closed-loop:cless_server:4.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
closed-loop	cless_server	4.5.2	cpe:2.3:a:closed-loop:cless_server:4.5.2:::::::*

References

github.com/brendontkl/My-CVEs/tree/main/CVE-2024-40125

www.closed-loop.biz/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.9%

JSON

Related for NVD:CVE-2024-40125

cvelist1 cve1 vulnrichment1