CVE-2024-8330

6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:6shr_system_project:6shr_system:*:*:*:*:*:*:*:*

History

05 Sep 2024, 13:41

Type Values Removed Values Added
Summary
  • (es) El sistema 6SHR de Gether Technology no valida correctamente los tipos de archivos cargados, lo que permite a atacantes remotos con privilegios regulares cargar scripts de shell web y usarlos para ejecutar comandos de sistema arbitrarios en el servidor.
CPE cpe:2.3:a:6shr_system_project:6shr_system:*:*:*:*:*:*:*:*
First Time 6shr System Project
6shr System Project 6shr System
References () https://www.twcert.org.tw/en/cp-139-8035-53926-2.html - () https://www.twcert.org.tw/en/cp-139-8035-53926-2.html - Vendor Advisory
References () https://www.twcert.org.tw/tw/cp-132-8031-a2f21-1.html - () https://www.twcert.org.tw/tw/cp-132-8031-a2f21-1.html - Vendor Advisory

30 Aug 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-30 03:15

Updated : 2024-09-05 13:41


NVD link : CVE-2024-8330

Mitre link : CVE-2024-8330

CVE.ORG link : CVE-2024-8330


JSON object : View

Products Affected

6shr_system_project

  • 6shr_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type