PT-2024-20794 · 71Cms · 71Cms

Published: 2024-02-26 · Updated: 2025-05-23 · CVE-2024-25166

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: 71CMS version 1.0.0

Description: The issue allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. This is a Cross Site Scripting vulnerability.

Recommendations: For 71CMS version 1.0.0, consider disabling the uploadfile action parameter in the controller.php file as a temporary workaround until a patch is available. Restrict access to the controller.php file to minimize the risk of exploitation. Avoid using the uploadfile action parameter in the affected API endpoint until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-25166

Affected Products: 71Cms