Products
Flute CMS
- 0.2.2.4-alpha
Source
cna@vuldb.com
Tags
CVE-2024-6946 details
Published : July 21, 2024, 9:15 a.m.
Last Modified : July 21, 2024, 9:15 a.m.
Last Modified : July 21, 2024, 9:15 a.m.
Description
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272068.
CVSS Score
| 1 | 2 | 3 | 4.7 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
4.7
Exploitability Score
1.2
Impact Score
3.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
References
| URL | Source |
|---|---|
| https://github.com/DeepMountains/Mirage/blob/main/CVE5-2.md | cna@vuldb.com |
| https://vuldb.com/?ctiid.272068 | cna@vuldb.com |
| https://vuldb.com/?id.272068 | cna@vuldb.com |
| https://vuldb.com/?submit.375214 | cna@vuldb.com |
This website uses the NVD API, but is not approved or certified by it.