CVE-2024-6948
July 21, 2024, 10:15 a.m.
Tags
CVSS Score
Product(s) Impacted
Gargaj wuhu
- up to 3faad49bfcc3895e9ff76a591d05c8941273d120
Description
A vulnerability classified as critical has been found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected is an unknown function of the file /slideeditor.php of the component Slide Editor. The manipulation of the argument newSlideFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272070 is the identifier assigned to this vulnerability.
Weaknesses
CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CWE ID: 434Date
Published: July 21, 2024, 10:15 a.m.
Last Modified: July 21, 2024, 10:15 a.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cna@vuldb.com
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
Exploitability Score
Impact Score
Base Severity
MEDIUMCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L