CVE-2024-7705

A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.8 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:M/C:P/I:P/A:P

Exploitability : 6.4 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/DeepMountains/Mirage/blob/main/CVE12-1.md	Broken Link
https://vuldb.com/?ctiid.274183	Permissions Required VDB Entry
https://vuldb.com/?id.274183	Permissions Required VDB Entry
https://vuldb.com/?submit.385617	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:mainwww:mwcms:1.0.0:*:*:*:*:*:*:*

History

16 Sep 2024, 16:15

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en Fujian mwcms 1.0.0. Ha sido declarada crítica. La función uploadeditor del archivo /uploadeditor.html?action=uploadimage del componente Image Upload es afectada por esta vulnerabilidad. La manipulación del argumento upfile conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
References	~~() https://github.com/DeepMountains/Mirage/blob/main/CVE12-1.md -~~	() https://github.com/DeepMountains/Mirage/blob/main/CVE12-1.md - Broken Link
References	~~() https://vuldb.com/?ctiid.274183 -~~	() https://vuldb.com/?ctiid.274183 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.274183 -~~	() https://vuldb.com/?id.274183 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?submit.385617 -~~	() https://vuldb.com/?submit.385617 - Third Party Advisory, VDB Entry
First Time		Mainwww Mainwww mwcms
CPE		cpe:2.3:a:mainwww:mwcms:1.0.0:::::::*
CVSS	v2 : ~~5.8~~ v3 : ~~4.7~~	v2 : 5.8 v3 : 5.3

12 Aug 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-12 23:15

Updated : 2024-09-16 16:15

NVD link : CVE-2024-7705

Mitre link : CVE-2024-7705

CVE.ORG link : CVE-2024-7705

JSON object : View

Products Affected

mainwww

mwcms

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

5.3 /10