PT-2024-28917 · Publiccms · Publiccms

Rabbit

Published

2024-07-12

Updated

2024-07-12

CVE-2024-40552

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PublicCMS version 4.0.202302.e

Description A remote command execution issue was discovered, allowing attackers to execute commands via the cmdarray parameter at the /site/ScriptComponent.java endpoint.

Recommendations For PublicCMS version 4.0.202302.e, avoid using the cmdarray parameter in the /site/ScriptComponent.java endpoint until a fix is available. Consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2024-40552

Affected Products

Publiccms

PT-2024-28917 · Publiccms · Publiccms

CVE-2024-40552

Weakness Enumeration

Related Identifiers

Affected Products

References · 4