
{
"id": "CVE-2024-34852",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T17:15:10.303",
"lastModified": "2024-07-03T02:00:50.907",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name that contains an injected command. Successful exploitation of this vulnerability may allow the attacker to execute system commands."
},
{
"lang": "es",
"value": "F-logic DataCube3 v1.0 se ve afectado por la inyecci\u00f3n de comandos debido a un filtrado inadecuado de cadenas en el punto de ejecuci\u00f3n del comando en el archivo ./admin/transceiver_schedule.php. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad enviando un nombre de archivo que contenga una inyecci\u00f3n de comando. La explotaci\u00f3n exitosa de esta vulnerabilidad puede permitir al atacante ejecutar comandos del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md",
"source": "cve@mitre.org"
}
]
}