CVE-2024-1527

EPSS 0.06%
Veröffentlicht 12.03.2024 16:15:07
Zuletzt bearbeitet 26.02.2025 15:15:08
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cmsmadesimple ≫ Cms Made Simple Version2.2.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.175

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve-coordination@incibe.es	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-1527

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1527

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1527

EUVD