Lucene search

[email protected]NVD:CVE-2024-44677

HistorySep 10, 2024 - 4:15 p.m.

CVE-2024-44677

2024-09-1016:15:20

CWE-352

CWE-918

[email protected]

web.nvd.nist.gov

eladmin v2.7

ssrf

vulnerability

databasecontroller.java

server-side request forgery

arbitrary code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.8%

JSON

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.

Affected configurations

Nvd

Node

eladmineladminRange≤2.7

VendorProductVersionCPE
eladmineladmin*cpe:2.3:a:eladmin:eladmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
eladmin	eladmin	*	cpe:2.3:a:eladmin:eladmin::::::::

References

github.com/elunez/eladmin

github.com/jcxj/jcxj/blob/master/source/_posts/eladmin-%E5%A4%8D%E7%8E%B0.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.8%

JSON

Related for NVD:CVE-2024-44677

osv1 cvelist1 vulnrichment1 cve1