CVE-2024-42991

Sept. 3, 2024, 7:40 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

MCMS

  • 5.4.1

Source

cve@mitre.org

Tags

CVE-2024-42991 details

Published : Sept. 3, 2024, 4:15 p.m.
Last Modified : Sept. 3, 2024, 7:40 p.m.

Description

MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution.

CVSS Score

1 2 3 4 5 6 7 8.1 9 10

Weakness

Weakness Name Description
CWE-434 Unrestricted Upload of File with Dangerous Type The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.1

Exploitability Score

2.2

Impact Score

5.9

Base Severity

HIGH

References

URL Source
https://gitee.com/mingSoft/MCMS/issues/IAHN9F cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.