Lucene search
K

124 matches found

NVD
NVD
added 2024/12/12 1:40 a.m.25 views

CVE-2024-12483

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack i...

6.3CVSS0.03507EPSS
Exploits3References4
OSV
OSV
added 2024/12/12 1:40 a.m.7 views

CVE-2024-12483

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack i...

5.9CVSS6.8AI score
Exploits0References4
Cvelist
Cvelist
added 2024/12/11 8:0 p.m.17 views

CVE-2024-12483 Dromara UJCMS User ID id authorization

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack i...

6.3CVSS0.03507EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2024/12/11 8:0 p.m.12 views

CVE-2024-12483 Dromara UJCMS User ID id authorization

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack i...

6.3CVSS6.7AI score0.03507EPSS
Exploits3References4
CVE
CVE
added 2024/12/11 8:0 p.m.65 views

CVE-2024-12483

CVE-2024-12483 affects Dromara UJCMS up to version 9.6.3, via an insecure direct object reference in the file path component “/users/id” of the User ID Handler. The vulnerability enables unauthenticated or remote exploitation that leads to an authorization bypass, with attackers able to discover ...

6.3CVSS4.3AI score0.03507EPSS
Exploits3References4Affected Software1
NVD
NVD
added 2024/01/12 1:15 p.m.14 views

CVE-2023-51806

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...

7.8CVSS5.8AI score0.0055EPSS
Exploits1References3
OSV
OSV
added 2024/01/12 1:15 p.m.14 views

CVE-2023-51806

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...

5.4CVSS5.9AI score
Exploits0References3
Prion
Prion
added 2024/01/12 1:15 p.m.23 views

Unrestricted file upload

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...

4.9CVSS7.7AI score0.0055EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/12 12:0 a.m.3 views

CVE-2023-51806

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...

6.4AI score0.0055EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/01/12 12:0 a.m.19 views

CVE-2023-51806

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file...

6.1AI score0.0055EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/01/12 12:0 a.m.4 views

UJCMS Security Vulnerabilities

UJCMS is a Java open source content management system from UJCMS Open Source. A security vulnerability exists in UJCMS version v.8.0.2, which stems from the presence of a file upload vulnerability that allows a local attacker to execute arbitrary code via a crafted file...

7.8CVSS7.5AI score0.0055EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.9 views

PT-2024-14300 · Ujcms · Ujcms

Name of the Vulnerable Software and Affected Versions: Ujcms version 8.0.2 Description: The issue allows a local attacker to execute arbitrary code via a crafted file, exploiting a File Upload vulnerability. Recommendations: For Ujcms version 8.0.2, consider disabling file upload functionality...

7.8CVSS6AI score0.0055EPSS
Exploits1References7
CVE
CVE
added 2024/01/12 12:0 a.m.49 views

CVE-2023-51806

CVE-2023-51806 affects Ujcms v8.0.2. A local attacker can upload a crafted file to trigger arbitrary code execution via a file upload vulnerability. Impact is described as local, with high confidentiality/integrity/availability risk in some sources. No public exploit details are provided in the d...

7.8CVSS5.8AI score0.0055EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/01/11 11:15 p.m.16 views

CVE-2023-51350

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header...

9.8CVSS9.3AI score0.01294EPSS
Exploits1References3
OSV
OSV
added 2024/01/11 11:15 p.m.18 views

CVE-2023-51350

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header...

9.8CVSS9.3AI score
Exploits0References3
Prion
Prion
added 2024/01/11 11:15 p.m.13 views

Design/Logic Flaw

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header...

7.5CVSS7.6AI score0.01294EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/01/11 12:0 a.m.65 views

CVE-2023-51350

CVE-2023-51350 affects ujcms v8.0.2. A spoofing vulnerability allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script in the X-Forwarded-For header. Impact is described as high (confidentiality, integrity, and availability). No product patch/versio...

9.8CVSS9.3AI score0.01294EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.8 views

PT-2024-14083 · Ujcms · Ujcms

Name of the Vulnerable Software and Affected Versions: ujcms version 8.0.2 Description: A spoofing attack allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header. Recommendations: For ujcms version 8.0....

9.8CVSS9.3AI score0.01294EPSS
Exploits1References7
Cvelist
Cvelist
added 2024/01/11 12:0 a.m.16 views

CVE-2023-51350

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header...

9.6AI score0.01294EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/01/11 12:0 a.m.12 views

CVE-2023-51350

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header...

7.3AI score0.01294EPSS
Exploits1References3
Rows per page
Query Builder