PT-2023-9689 · Mediacms · Mediacms
Vladimir Razov
·
Publicado
2023-10-17
·
Atualizado
2024-11-12
·
CVE-2024-52004
CVSS v4.0
8.7
Alta
| Vetor | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
MediaCMS versions prior to 4.1.0
Description
The issue is related to insufficient input validation while uploading media content, which can lead to remote code execution under special conditions. This can be exploited if the portal allows users to upload content. The vulnerability has been patched in version 4.1.0.
Recommendations
For versions prior to 4.1.0, upgrade to version 4.1.0 to fix the issue. As a temporary workaround, consider restricting access to the media upload feature until the upgrade is applied. Avoid using the
media upload feature in the affected API endpoint until the issue is resolved. At the moment, there are no known workarounds for this vulnerability other than upgrading to the patched version.Exploit
Correção
Special Elements Injection
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Mediacms