PT-2023-9689 · Mediacms · Mediacms
Vladimir Razov
·
Published
2023-10-17
·
Updated
2024-11-12
·
CVE-2024-52004
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
MediaCMS versions prior to 4.1.0
Description
The issue is related to insufficient input validation while uploading media content, which can lead to remote code execution under special conditions. This can be exploited if the portal allows users to upload content. The vulnerability has been patched in version 4.1.0.
Recommendations
For versions prior to 4.1.0, upgrade to version 4.1.0 to fix the issue. As a temporary workaround, consider restricting access to the media upload feature until the upgrade is applied. Avoid using the
media upload feature in the affected API endpoint until the issue is resolved. At the moment, there are no known workarounds for this vulnerability other than upgrading to the patched version.Exploit
Fix
Special Elements Injection
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mediacms