nvd-json-data-feeds/CVE-2024/CVE-2024-112xx/CVE-2024-11214.json

{
  "id": "CVE-2024-11214",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-11-14T16:15:18.707",
  "lastModified": "2024-11-19T15:38:59.060",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad en SourceCodester Best Employee Management System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/profile.php. La manipulaci\u00f3n del argumento website_image permite la carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. La divulgaci\u00f3n inicial del investigador contiene clases de vulnerabilidad confusas."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ],
    "cvssMetricV31": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.4
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
          "baseScore": 5.8,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "MULTIPLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 6.4,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cna@vuldb.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        },
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mayurik:best_employee_management_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "085DDBB3-1FD4-4947-916D-1AEF70F258C3"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/sh3rl0ckpggp/0day/blob/main/Employee_management%20_system_RCE.md",
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://vuldb.com/?ctiid.284530",
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ]
    },
    {
      "url": "https://vuldb.com/?id.284530",
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://vuldb.com/?submit.443304",
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://www.sourcecodester.com/",
      "source": "cna@vuldb.com",
      "tags": [
        "Product"
      ]
    }
  ]
}
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`{`
			`"id": "CVE-2024-11214",`
			`"sourceIdentifier": "cna@vuldb.com",`
			`"published": "2024-11-14T16:15:18.707",`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`"lastModified": "2024-11-19T15:38:59.060",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes."`
Auto-Update: 2024-11-15T15:00:31.902868+00:00 2024-11-15 15:03:34 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Se ha encontrado una vulnerabilidad en SourceCodester Best Employee Management System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/profile.php. La manipulaci\u00f3n del argumento website_image permite la carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. La divulgaci\u00f3n inicial del investigador contiene clases de vulnerabilidad confusas."
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV40": [`
			`{`
			`"source": "cna@vuldb.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "4.0",`
			`"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 5.1,`
			`"baseSeverity": "MEDIUM",`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"attackRequirements": "NONE",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
Auto-Update: 2025-03-02T03:00:19.570958+00:00 2025-03-02 03:03:52 +00:00			`"vulnConfidentialityImpact": "LOW",`
			`"vulnIntegrityImpact": "LOW",`
			`"vulnAvailabilityImpact": "LOW",`
			`"subConfidentialityImpact": "NONE",`
			`"subIntegrityImpact": "NONE",`
			`"subAvailabilityImpact": "NONE",`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`"exploitMaturity": "NOT_DEFINED",`
Auto-Update: 2025-03-02T03:00:19.570958+00:00 2025-03-02 03:03:52 +00:00			`"confidentialityRequirement": "NOT_DEFINED",`
			`"integrityRequirement": "NOT_DEFINED",`
			`"availabilityRequirement": "NOT_DEFINED",`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`"modifiedAttackVector": "NOT_DEFINED",`
			`"modifiedAttackComplexity": "NOT_DEFINED",`
			`"modifiedAttackRequirements": "NOT_DEFINED",`
			`"modifiedPrivilegesRequired": "NOT_DEFINED",`
			`"modifiedUserInteraction": "NOT_DEFINED",`
Auto-Update: 2025-03-02T03:00:19.570958+00:00 2025-03-02 03:03:52 +00:00			`"modifiedVulnConfidentialityImpact": "NOT_DEFINED",`
			`"modifiedVulnIntegrityImpact": "NOT_DEFINED",`
			`"modifiedVulnAvailabilityImpact": "NOT_DEFINED",`
			`"modifiedSubConfidentialityImpact": "NOT_DEFINED",`
			`"modifiedSubIntegrityImpact": "NOT_DEFINED",`
			`"modifiedSubAvailabilityImpact": "NOT_DEFINED",`
			`"Safety": "NOT_DEFINED",`
			`"Automatable": "NOT_DEFINED",`
			`"Recovery": "NOT_DEFINED",`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`"valueDensity": "NOT_DEFINED",`
			`"vulnerabilityResponseEffort": "NOT_DEFINED",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"providerUrgency": "NOT_DEFINED"`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`}`
			`}`
			`],`
			`"cvssMetricV31": [`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "cna@vuldb.com",`
			`"type": "Secondary",`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`"cvssData": {`
			`"version": "3.1",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",`
			`"baseScore": 4.7,`
			`"baseSeverity": "MEDIUM",`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "LOW"`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`},`
			`"exploitabilityScore": 1.2,`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"impactScore": 3.4`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`},`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`"cvssData": {`
			`"version": "3.1",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",`
			`"baseScore": 7.2,`
			`"baseSeverity": "HIGH",`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH"`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`},`
			`"exploitabilityScore": 1.2,`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"impactScore": 5.9`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "cna@vuldb.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 5.8,`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "MULTIPLE",`
			`"confidentialityImpact": "PARTIAL",`
			`"integrityImpact": "PARTIAL",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "PARTIAL"`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 6.4,`
			`"impactScore": 6.4,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "cna@vuldb.com",`
			`"type": "Secondary",`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`"description": [`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`{`
			`"lang": "en",`
			`"value": "CWE-284"`
			`},`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`{`
			`"lang": "en",`
			`"value": "CWE-434"`
			`}`
			`]`
			`},`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-434"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mayurik:best_employee_management_system:1.0:::::::*",`
			`"matchCriteriaId": "085DDBB3-1FD4-4947-916D-1AEF70F258C3"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`"references": [`
			`{`
			`"url": "https://github.com/sh3rl0ckpggp/0day/blob/main/Employee_management%20_system_RCE.md",`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`"source": "cna@vuldb.com",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`},`
			`{`
			`"url": "https://vuldb.com/?ctiid.284530",`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`"source": "cna@vuldb.com",`
			`"tags": [`
			`"Permissions Required",`
			`"VDB Entry"`
			`]`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`},`
			`{`
			`"url": "https://vuldb.com/?id.284530",`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`"source": "cna@vuldb.com",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`},`
			`{`
			`"url": "https://vuldb.com/?submit.443304",`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`"source": "cna@vuldb.com",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`},`
			`{`
			`"url": "https://www.sourcecodester.com/",`
Auto-Update: 2024-11-19T17:00:28.336990+00:00 2024-11-19 17:03:31 +00:00			`"source": "cna@vuldb.com",`
			`"tags": [`
			`"Product"`
			`]`
Auto-Update: 2024-11-14T17:00:48.589181+00:00 2024-11-14 17:03:51 +00:00			`}`
			`]`
			`}`