CVE-2024-48646

Exploit

EPSS 0.05%
Published 30.10.2024 18:15:07
Last modified 27.06.2025 19:52:09
Source cve@mitre.org
Teams watchlist Login
Open Login

An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the server, leading to further system compromise.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Sage ≫ Sage Frp 1000 Version7.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-48646

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-48646

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-48646

EUVD