CVE-2024-39243

2024-06-2600:00:00

mitre

github.com

skycaiji

code execution

post request

AI Score

7.6

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:skycaiji:skycaiji:2.8:*:*:*:*:*:*:*"
    ],
    "vendor": "skycaiji",
    "product": "skycaiji",
    "versions": [
      {
        "status": "affected",
        "version": "2.8"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

fushuling.com/index.php/2024/06/11/test/