CVE-2024-11211

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-11211
A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://vuldb.com/?id.284526 Permissions Required VDB Entry
https://vuldb.com/?ctiid.284526 Permissions Required VDB Entry
https://vuldb.com/?submit.437600 Third Party Advisory VDB Entry
https://github.com/falling-snow1/cve/blob/main/EyouCMS_RCE.md Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:eyoucms:eyoucms:*:*:*:*:*:*:*:*
History

19 Nov 2024, 19:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.2
First Time Eyoucms eyoucms
Eyoucms
CWE CWE-284
CPE cpe:2.3:a:eyoucms:eyoucms:*:*:*:*:*:*:*:*
References () https://vuldb.com/?id.284526 - () https://vuldb.com/?id.284526 - Permissions Required, VDB Entry
References () https://github.com/falling-snow1/cve/blob/main/EyouCMS_RCE.md - () https://github.com/falling-snow1/cve/blob/main/EyouCMS_RCE.md - Broken Link
References () https://vuldb.com/?submit.437600 - () https://vuldb.com/?submit.437600 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?ctiid.284526 - () https://vuldb.com/?ctiid.284526 - Permissions Required, VDB Entry

15 Nov 2024, 09:15

Type Values Removed Values Added
Summary A vulnerability classified as critical has been found in EyouCMS 1.5.6. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

14 Nov 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-14 15:15

Updated : 2024-11-19 19:01

NVD link : CVE-2024-11211

Mitre link : CVE-2024-11211

JSON object : View

Products Affected

eyoucms

  • eyoucms
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type