CVE-2024-48646

Exploit

EPSS 0.05%
Veröffentlicht 30.10.2024 18:15:07
Zuletzt bearbeitet 27.06.2025 19:52:09
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the server, leading to further system compromise.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sage ≫ Sage Frp 1000 Version7.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-48646

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-48646

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-48646

EUVD