6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8035-53926-2.html | Vendor Advisory |
https://www.twcert.org.tw/tw/cp-132-8031-a2f21-1.html | Vendor Advisory |
Configurations
History
05 Sep 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CPE | cpe:2.3:a:6shr_system_project:6shr_system:*:*:*:*:*:*:*:* | |
First Time |
6shr System Project
6shr System Project 6shr System |
|
References | () https://www.twcert.org.tw/en/cp-139-8035-53926-2.html - Vendor Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8031-a2f21-1.html - Vendor Advisory |
30 Aug 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-30 03:15
Updated : 2024-09-05 13:41
NVD link : CVE-2024-8330
Mitre link : CVE-2024-8330
CVE.ORG link : CVE-2024-8330
JSON object : View
Products Affected
6shr_system_project
- 6shr_system
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type