admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-111xx/CVE-2024-11138.json

207 lines
6.6 KiB
JSON
Raw Normal View History

Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
{
"id": "CVE-2024-11138",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-12T18:15:17.543",
Auto-Update: 2024-12-10T23:00:30.405237+00:00
2024-12-10 23:03:51 +00:00
"lastModified": "2024-12-10T21:11:45.043",
"vulnStatus": "Analyzed",
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
Auto-Update: 2024-11-13T19:00:34.158694+00:00
2024-11-13 19:03:36 +00:00
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en DedeCMS 5.7.116. Afecta a una parte desconocida del archivo /dede/uploads/dede/friendlink_add.php. La manipulaci\u00f3n del argumento logoimg provoca una carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"providerUrgency": "NOT_DEFINED"
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"baseScore": 2.7,
"baseSeverity": "LOW",
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"availabilityImpact": "LOW"
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
Auto-Update: 2024-12-10T23:00:30.405237+00:00
2024-12-10 23:03:51 +00:00
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"baseScore": 3.3,
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"availabilityImpact": "PARTIAL"
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"type": "Secondary",
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-434"
}
]
Auto-Update: 2024-12-10T23:00:30.405237+00:00
2024-12-10 23:03:51 +00:00
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedecms:dedecms:5.7.116:*:*:*:*:*:*:*",
"matchCriteriaId": "B41AD51D-5F0C-4504-88F6-5D4D9078AAEC"
}
]
}
]
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
}
],
"references": [
{
"url": "https://github.com/falling-snow1/cve1/blob/main/DedeCMS%20V5.7.116%20has%20Remote%20Code%20Excute%20vulnerability.md",
Auto-Update: 2024-12-10T23:00:30.405237+00:00
2024-12-10 23:03:51 +00:00
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
},
{
"url": "https://vuldb.com/?ctiid.283977",
Auto-Update: 2024-12-10T23:00:30.405237+00:00
2024-12-10 23:03:51 +00:00
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
},
{
"url": "https://vuldb.com/?id.283977",
Auto-Update: 2024-12-10T23:00:30.405237+00:00
2024-12-10 23:03:51 +00:00
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
},
{
"url": "https://vuldb.com/?submit.441900",
Auto-Update: 2024-12-10T23:00:30.405237+00:00
2024-12-10 23:03:51 +00:00
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
Auto-Update: 2024-11-12T19:00:22.928945+00:00
2024-11-12 19:03:24 +00:00
}
]
}
Reference in New Issue Copy Permalink