CVE-2024-35570

An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file.
Configurations

No configuration.

History

21 Nov 2024, 09:20

Type Values Removed Values Added
References () https://github.com/KakeruJ/CVE/ - () https://github.com/KakeruJ/CVE/ -

26 Aug 2024, 16:35

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de carga de archivos arbitrarios en el componente \controller\ImageUploadController.class de inxedu v2.0.6 permite a los atacantes ejecutar código arbitrario cargando un archivo jsp manipulado.
CWE CWE-434
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

23 May 2024, 19:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-23 19:16

Updated : 2024-11-21 09:20


NVD link : CVE-2024-35570

Mitre link : CVE-2024-35570

CVE.ORG link : CVE-2024-35570


JSON object : View

Products Affected

No product.

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type