PT-2024-16705 · Grand Vice Info · Webopac

Ming-Hung

Published

2024-11-11

Updated

2024-11-18

CVE-2024-11017

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Webopac from Grand Vice info (affected versions not specified)

Description The issue concerns a problem with file type validation in Webopac from Grand Vice info, allowing remote attackers with regular privileges to upload and execute webshells. This could lead to arbitrary code execution on the server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2024-11017

Affected Products

Webopac

PT-2024-16705 · Grand Vice Info · Webopac

CVE-2024-11017

Weakness Enumeration

Related Identifiers

Affected Products

References · 13