Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-8213-3413b-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Nov 2024, 18:59
Type | Values Removed | Values Added |
---|---|---|
First Time |
Vice
Vice webopac |
|
References | () https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8213-3413b-1.html - Third Party Advisory | |
CPE | cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:* |
12 Nov 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Nov 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-11 07:15
Updated : 2024-11-18 18:59
NVD link : CVE-2024-11018
Mitre link : CVE-2024-11018
CVE.ORG link : CVE-2024-11018
JSON object : View
Products Affected
vice
- webopac
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type