9.8
CVE-2024-24525
- EPSS 1%
- Veröffentlicht 29.02.2024 06:15:47
- Zuletzt bearbeitet 27.03.2025 16:22:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Epoint ≫ Epointwebbuilder Version5.1.0 Updatesp1
Epoint ≫ Epointwebbuilder Version5.2.1 Updatesp1
Epoint ≫ Epointwebbuilder Version5.4.1 Update-
Epoint ≫ Epointwebbuilder Version5.4.2 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1% | 0.763 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-233 Improper Handling of Parameters
The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.