mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-11211",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in EyouCMS bis 1.6.7 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Website Logo Handler. Dank der Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted Upload",
"cweId": "CWE-434"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Access Controls",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "EyouCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.6.0"
},
{
"version_affected": "=",
"version_value": "1.6.1"
},
{
"version_affected": "=",
"version_value": "1.6.2"
},
{
"version_affected": "=",
"version_value": "1.6.3"
},
{
"version_affected": "=",
"version_value": "1.6.4"
},
{
"version_affected": "=",
"version_value": "1.6.5"
},
{
"version_affected": "=",
"version_value": "1.6.6"
},
{
"version_affected": "=",
"version_value": "1.6.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.284526",
"refsource": "MISC",
"name": "https://vuldb.com/?id.284526"
},
{
"url": "https://vuldb.com/?ctiid.284526",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.284526"
},
{
"url": "https://vuldb.com/?submit.437600",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.437600"
},
{
"url": "https://github.com/falling-snow1/cve/blob/main/EyouCMS_RCE.md",
"refsource": "MISC",
"name": "https://github.com/falling-snow1/cve/blob/main/EyouCMS_RCE.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "falling-snow (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}
}