CVE-2024-10201

Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wellchoose:administrative_management_system:-:*:*:*:*:*:*:*

History

24 Oct 2024, 13:56

Type Values Removed Values Added
First Time Wellchoose
Wellchoose administrative Management System
References () https://www.twcert.org.tw/en/cp-139-8161-b8a6d-2.html - () https://www.twcert.org.tw/en/cp-139-8161-b8a6d-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8160-756b6-1.html - () https://www.twcert.org.tw/tw/cp-132-8160-756b6-1.html - Third Party Advisory
CPE cpe:2.3:a:wellchoose:administrative_management_system:-:*:*:*:*:*:*:*

21 Oct 2024, 17:09

Type Values Removed Values Added
Summary
  • (es) Administrative Management System de Wellchoose no valida correctamente los tipos de archivos cargados, lo que permite que atacantes remotos con privilegios regulares carguen y ejecuten webshells.

21 Oct 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 04:15

Updated : 2024-10-24 13:56


NVD link : CVE-2024-10201

Mitre link : CVE-2024-10201

CVE.ORG link : CVE-2024-10201


JSON object : View

Products Affected

wellchoose

  • administrative_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type