4.3
CVE-2017-1002024
- EPSS 1.35%
- Veröffentlicht 14.09.2017 13:29:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle larry0@me.com
- CVE-Watchlists
- Unerledigt
LoginVulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kindsoft ≫ Kind Editor Version <= 3.5.6
Kindsoft ≫ Kind Editor Version4.0
Kindsoft ≫ Kind Editor Version4.0.1
Kindsoft ≫ Kind Editor Version4.0.2
Kindsoft ≫ Kind Editor Version4.0.3
Kindsoft ≫ Kind Editor Version4.0.4
Kindsoft ≫ Kind Editor Version4.0.5
Kindsoft ≫ Kind Editor Version4.0.6
Kindsoft ≫ Kind Editor Version4.1
Kindsoft ≫ Kind Editor Version4.1.1
Kindsoft ≫ Kind Editor Version4.1.2
Kindsoft ≫ Kind Editor Version4.1.3
Kindsoft ≫ Kind Editor Version4.1.4
Kindsoft ≫ Kind Editor Version4.1.5
Kindsoft ≫ Kind Editor Version4.1.6
Kindsoft ≫ Kind Editor Version4.1.7
Kindsoft ≫ Kind Editor Version4.1.8
Kindsoft ≫ Kind Editor Version4.1.9
Kindsoft ≫ Kind Editor Version4.1.10
Kindsoft ≫ Kind Editor Version4.1.11
Kindsoft ≫ Kindeditor Version4.1.12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.35% | 0.678 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://kindeditor.org
http://www.vapidlabs.com/advisory.php?v=195
https://github.com/kindsoft/kindeditor