Products
Flute CMS
- 0.2.2.4-alpha
Source
cna@vuldb.com
Tags
CVE-2024-6947 details
Published : July 21, 2024, 9:15 a.m.
Last Modified : July 21, 2024, 9:15 a.m.
Last Modified : July 21, 2024, 9:15 a.m.
Description
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272069 was assigned to this vulnerability.
CVSS Score
| 1 | 2 | 3 | 4.7 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
4.7
Exploitability Score
1.2
Impact Score
3.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
References
| URL | Source |
|---|---|
| https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md | cna@vuldb.com |
| https://vuldb.com/?ctiid.272069 | cna@vuldb.com |
| https://vuldb.com/?id.272069 | cna@vuldb.com |
| https://vuldb.com/?submit.376785 | cna@vuldb.com |
This website uses the NVD API, but is not approved or certified by it.