A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.
References
Configurations
History
27 Jun 2025, 15:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms - Third Party Advisory | |
First Time |
Agentejo
Agentejo cockpit |
|
CPE | cpe:2.3:a:agentejo:cockpit:0.5.5:*:*:*:*:*:*:* |
21 Nov 2024, 09:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms - | |
Summary |
|
14 May 2024, 15:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-14 15:45
Updated : 2025-06-27 15:04
NVD link : CVE-2024-4825
Mitre link : CVE-2024-4825
CVE.ORG link : CVE-2024-4825
JSON object : View
Products Affected
agentejo
- cockpit
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type