CVE-2024-0728

A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*

History

25 Jan 2024, 19:55

Type Values Removed Values Added
CWE CWE-73 CWE-610
First Time Foru Cms Project foru Cms
Foru Cms Project
CPE cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://vuldb.com/?ctiid.251551 - () https://vuldb.com/?ctiid.251551 - Permissions Required
References () https://vuldb.com/?id.251551 - () https://vuldb.com/?id.251551 - Permissions Required
References () https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md - () https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md - Exploit

19 Jan 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-19 19:15

Updated : 2024-05-17 02:34


NVD link : CVE-2024-0728

Mitre link : CVE-2024-0728

CVE.ORG link : CVE-2024-0728


JSON object : View

Products Affected

foru_cms_project

  • foru_cms
CWE
CWE-610

Externally Controlled Reference to a Resource in Another Sphere

CWE-73

External Control of File Name or Path