{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-3736", "ASSIGNER": "cna@vuldb.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575." }, { "lang": "deu", "value": "In cym1102 nginxWebUI bis 3.9.9 wurde eine problematische Schwachstelle ausgemacht. Es geht um die Funktion upload der Datei /adminPage/main/upload. Durch das Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload", "cweId": "CWE-434" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "cym1102", "product": { "product_data": [ { "product_name": "nginxWebUI", "version": { "version_data": [ { "version_affected": "=", "version_value": "3.9.0" }, { "version_affected": "=", "version_value": "3.9.1" }, { "version_affected": "=", "version_value": "3.9.2" }, { "version_affected": "=", "version_value": "3.9.3" }, { "version_affected": "=", "version_value": "3.9.4" }, { "version_affected": "=", "version_value": "3.9.5" }, { "version_affected": "=", "version_value": "3.9.6" }, { "version_affected": "=", "version_value": "3.9.7" }, { "version_affected": "=", "version_value": "3.9.8" }, { "version_affected": "=", "version_value": "3.9.9" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://vuldb.com/?id.260575", "refsource": "MISC", "name": "https://vuldb.com/?id.260575" }, { "url": "https://vuldb.com/?ctiid.260575", "refsource": "MISC", "name": "https://vuldb.com/?ctiid.260575" }, { "url": "https://github.com/cym1102/nginxWebUI/issues/138", "refsource": "MISC", "name": "https://github.com/cym1102/nginxWebUI/issues/138" }, { "url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf", "refsource": "MISC", "name": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf" } ] }, "impact": { "cvss": [ { "version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM" }, { "version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM" }, { "version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P" } ] } }