CVE-2024-1925

A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254860.

CVSS v3.0 8.1 HIGH

8.1^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL	Permissions Required
https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL	Permissions Required
https://vuldb.com/?ctiid.254860	Permissions Required
https://vuldb.com/?ctiid.254860	Permissions Required
https://vuldb.com/?id.254860	Permissions Required
https://vuldb.com/?id.254860	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:ctcms_project:ctcms:2.1.2:*:*:*:*:*:*:*

History

18 Dec 2024, 17:38

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
CWE	~~CWE-434~~
First Time		Ctcms Project ctcms Ctcms Project
CPE		cpe:2.3:a:ctcms_project:ctcms:2.1.2:::::::*
References	~~() https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL -~~	() https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL - Permissions Required
References	~~() https://vuldb.com/?id.254860 -~~	() https://vuldb.com/?id.254860 - Permissions Required
References	~~() https://vuldb.com/?ctiid.254860 -~~	() https://vuldb.com/?ctiid.254860 - Permissions Required

27 Feb 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-27 17:15

Updated : 2024-12-18 17:38

NVD link : CVE-2024-1925

Mitre link : CVE-2024-1925

JSON object : View

Products Affected

ctcms_project

ctcms

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL", "name": "https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL", "name": "https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.254860", "name": "VDB-254860 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.254860", "name": "VDB-254860 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?id.254860", "name": "VDB-254860 | Ctcms Upsys.php unrestricted upload", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?id.254860", "name": "VDB-254860 | Ctcms Upsys.php unrestricted upload", "tags": ["Permissions Required"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254860."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-1925", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}}, "publishedDate": "2024-02-27T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ctcms_project:ctcms:2.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-12-18T17:38Z"}