CVE-2024-7706

A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/DeepMountains/Mirage/blob/main/CVE12-2.md Exploit Technical Description Third Party Advisory
https://vuldb.com/?ctiid.274184 Permissions Required VDB Entry
https://vuldb.com/?id.274184 Permissions Required VDB Entry
https://vuldb.com/?submit.385651 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:mainwww:mwcms:1.0.0:*:*:*:*:*:*:*

History

22 Aug 2024, 13:26

Type Values Removed Values Added
CPE cpe:2.3:a:mainwww:mwcms:1.0.0:*:*:*:*:*:*:*
CVSS v2 : 5.8
v3 : 4.7
v2 : 5.8
v3 : 2.7
Summary
  • (es) Se encontró una vulnerabilidad en Fujian mwcms 1.0.0. Ha sido calificada como crítica. La función uploadimage del archivo /uploadfile.html es afectada por esta vulnerabilidad. La manipulación del argumento upfile conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
First Time Mainwww
Mainwww mwcms
References () https://github.com/DeepMountains/Mirage/blob/main/CVE12-2.md - () https://github.com/DeepMountains/Mirage/blob/main/CVE12-2.md - Exploit, Technical Description, Third Party Advisory
References () https://vuldb.com/?ctiid.274184 - () https://vuldb.com/?ctiid.274184 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.274184 - () https://vuldb.com/?id.274184 - Permissions Required, VDB Entry
References () https://vuldb.com/?submit.385651 - () https://vuldb.com/?submit.385651 - Third Party Advisory, VDB Entry

12 Aug 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 23:15

Updated : 2024-08-22 13:26


NVD link : CVE-2024-7706

Mitre link : CVE-2024-7706

CVE.ORG link : CVE-2024-7706


JSON object : View

Products Affected

mainwww

  • mwcms
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type