CVE-2024-8940

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input.
Configurations

Configuration 1 (hide)

cpe:2.3:a:scriptcase:scriptcase:9.4.019:*:*:*:*:*:*:*

History

01 Oct 2024, 17:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 10.0
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:scriptcase:scriptcase:9.4.019:*:*:*:*:*:*:*
First Time Scriptcase
Scriptcase scriptcase
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-scriptcase - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-scriptcase - Third Party Advisory

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en la aplicación Scriptcase versión 9.4.019, que implica la carga arbitraria de un archivo a través de /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ mediante una solicitud POST. Un atacante podría cargar archivos maliciosos al servidor debido a que la aplicación no verifica correctamente la entrada del usuario.

25 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 01:15

Updated : 2024-10-01 17:21


NVD link : CVE-2024-8940

Mitre link : CVE-2024-8940

CVE.ORG link : CVE-2024-8940


JSON object : View

Products Affected

scriptcase

  • scriptcase
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type