A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272069 was assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md | Broken Link |
https://vuldb.com/?ctiid.272069 | Permissions Required |
https://vuldb.com/?id.272069 | Third Party Advisory |
https://vuldb.com/?submit.376785 | Third Party Advisory |
https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md | Broken Link |
https://vuldb.com/?ctiid.272069 | Permissions Required |
https://vuldb.com/?id.272069 | Third Party Advisory |
https://vuldb.com/?submit.376785 | Third Party Advisory |
Configurations
History
21 Nov 2024, 09:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md - Broken Link | |
References | () https://vuldb.com/?ctiid.272069 - Permissions Required | |
References | () https://vuldb.com/?id.272069 - Third Party Advisory | |
References | () https://vuldb.com/?submit.376785 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 4.7 |
05 Sep 2024, 16:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md - Broken Link | |
References | () https://vuldb.com/?ctiid.272069 - Permissions Required | |
References | () https://vuldb.com/?id.272069 - Third Party Advisory | |
References | () https://vuldb.com/?submit.376785 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 8.8 |
CPE | cpe:2.3:a:flute-cms:flute:0.2.2.4:alpha:*:*:*:*:*:* | |
First Time |
Flute-cms
Flute-cms flute |
22 Jul 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Jul 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-21 09:15
Updated : 2024-11-21 09:50
NVD link : CVE-2024-6947
Mitre link : CVE-2024-6947
CVE.ORG link : CVE-2024-6947
JSON object : View
Products Affected
flute-cms
- flute
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')