PT-2024-19620 · Bosscms · Bosscms

N0Sleeper · Published 2024-01-30 · Updated 2024-02-03 · CVE-2024-22938

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: BossCMS version 1.3.0

Description: The issue allows a local attacker to execute arbitrary code and escalate privileges. This is achieved via the init function in the admin.class.php component.

Recommendations: For BossCMS version 1.3.0, consider restricting access to the admin.class.php component until a patch is available. As a temporary workaround, disabling the init function can help minimize the risk of exploitation.

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2024-22938

Affected Products: Bosscms