CVE-2024-1750

EPSS 0.04%
Veröffentlicht 22.02.2024 20:15:56
Zuletzt bearbeitet 31.12.2024 15:08:18
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254532. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Temmokumvc ≫ Temmokumvc Version < 2.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.109

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	5.6	2.2	3.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://note.zhaoj.in/share/OrBH8zLKUPOA

Broken Link

https://vuldb.com/?ctiid.254532

Third Party Advisory

Permissions Required

https://vuldb.com/?id.254532

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-1750

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1750

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1750

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-1750