vulnrichment
GitHub_M
VULNRICHMENT:CVE-2024-52004
History: Nov 08, 2024 - 10:10 p.m.

CVE-2024-52004 Remote code execution vulnerabilities in MediaCMS

2024-11-08 22:10:07
CWE-74
GitHub_M
github.com
3
mediacms
python/django
react
rest api
remote code execution
input validation

CVSS4: 8.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score: 7.4
Confidence: High

SSVC
Exploitation: none
Automatable: no
Technical Impact: total

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that in special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are strongly advised to upgrade. The vulnerabilities are related to insufficient input validation while uploading media content. The condition for exploiting the vulnerability is that the portal allows users to upload content. This issue has been patched in version 4.1.0. There are no known workarounds for this vulnerability.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:mediacms:mediacms:*:*:*:*:*:*:*:*"
    ],
    "vendor": "mediacms",
    "product": "mediacms",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.1.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
