CVE-2024-7740

A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/DeepMountains/Mirage/blob/main/CVE14-1.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.274360 Permissions Required Third Party Advisory
https://vuldb.com/?id.274360 Permissions Required Third Party Advisory
https://vuldb.com/?submit.386432 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ltcms:ltcms:1.0.20:*:*:*:*:*:*:*

History

21 Aug 2024, 19:06

Type Values Removed Values Added
CPE cpe:2.3:a:ltcms:ltcms:1.0.20:*:*:*:*:*:*:*
Summary
  • (es) Una vulnerabilidad ha sido encontrada en wanglongcn ltcms 1.0.20 y clasificada como crítica. Esta vulnerabilidad afecta a la función de descarga del archivo /api/test/download del componente API Endpoint. La manipulación del argumento URL conduce a server-side request forgery. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
References () https://github.com/DeepMountains/Mirage/blob/main/CVE14-1.md - () https://github.com/DeepMountains/Mirage/blob/main/CVE14-1.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.274360 - () https://vuldb.com/?ctiid.274360 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.274360 - () https://vuldb.com/?id.274360 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?submit.386432 - () https://vuldb.com/?submit.386432 - Third Party Advisory
First Time Ltcms ltcms
Ltcms
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8

13 Aug 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 20:15

Updated : 2024-08-21 19:06


NVD link : CVE-2024-7740

Mitre link : CVE-2024-7740

CVE.ORG link : CVE-2024-7740


JSON object : View

Products Affected

ltcms

  • ltcms
CWE
CWE-918

Server-Side Request Forgery (SSRF)