Back

CVE-2024-37879

Sept. 20, 2024, 5:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

User-friendly SVN (USVN)

  • before v1.0.12

Source

cve@mitre.org

Tags

cve@mitre.org
2024-09-20
CVE-2024-37879

CVE-2024-37879 details

Published : Sept. 20, 2024, 5:15 p.m.
Last Modified : Sept. 20, 2024, 5:15 p.m.

Description

Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://github.com/usvn/usvn/commit/6b4678954fca9635154743b95ff9c8947cf5f46f cve@mitre.org
https://github.com/usvn/usvn/releases/tag/1.0.12 cve@mitre.org
https://www.usvn.info/2024/06/09/usvn-1.0.12 cve@mitre.org
https://www.usvn.info/news.html cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.