CVE-2024-0192

Exploit

EPSS 0.51%
Veröffentlicht 02.01.2024 20:15:10
Zuletzt bearbeitet 21.11.2024 08:46:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

RRJ Nueva Ecija Engineer Online Portal Add Downloadable downloadable.php unrestricted upload

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nia ≫ Rrj Nueva Ecija Engineer Online Portal Version1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.394

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.249505

Third Party Advisory

https://vuldb.com/?id.249505

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0192

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0192

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0192

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-0192