CVE-2024-51053

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-51053

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

n arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file.

References
Link Resource
https://binqqer.com/posts/CVE-2024-51053/
https://vulners.com/packetstorm/PACKETSTORM:173122
Configurations

No configuration.

History

19 Nov 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-79
Summary
  • (es) Una vulnerabilidad de carga de archivos arbitrarios en el componente /main/fileupload.php de AVSCMS v8.2.0 permite a los atacantes ejecutar código arbitrario mediante la carga de un archivo manipulado específicamente.

18 Nov 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-18 21:15

Updated : 2024-11-19 21:57

NVD link : CVE-2024-51053

Mitre link : CVE-2024-51053

CVE.ORG link : CVE-2024-51053

JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')