CVE-2024-0192

Exploit

EPSS 0.16%
Veröffentlicht 02.01.2024 20:15:10
Zuletzt bearbeitet 21.11.2024 08:46:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nia ≫ Rrj Nueva Ecija Engineer Online Portal Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.374

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.249505

Third Party Advisory

https://vuldb.com/?id.249505

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0192

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0192

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0192

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-0192