A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Initially two separate issues were created by the researcher for the different function calls. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/wuzhicms/wuzhicms/issues/209 | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.282444 | Permissions Required VDB Entry |
https://vuldb.com/?id.282444 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.427401 | Third Party Advisory VDB Entry |
Configurations
History
06 Nov 2024, 16:38
Type | Values Removed | Values Added |
---|---|---|
First Time |
Wuzhicms
Wuzhicms wuzhicms |
|
CPE | cpe:2.3:a:wuzhicms:wuzhicms:4.1.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
References | () https://github.com/wuzhicms/wuzhicms/issues/209 - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.282444 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.282444 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.427401 - Third Party Advisory, VDB Entry |
01 Nov 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
30 Oct 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-30 02:15
Updated : 2024-11-06 16:38
NVD link : CVE-2024-10505
Mitre link : CVE-2024-10505
CVE.ORG link : CVE-2024-10505
JSON object : View
Products Affected
wuzhicms
- wuzhicms
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')