How severe is CVE-2024-1925?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-1925?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2024-1925 - HIGH Severity | CVSS 8.1

Vulnerability Description

A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254860.

Related Vulnerabilities

CVE-2012-2950

HIGH

CVSS:8.1(High)

Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information.

CWE-4342012

CVE-2017-12615

HIGH

CVSS:8.1(High)

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to th...

CWE-4342017

CVE-2017-12617

HIGH

CVSS:8.1(High)

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the De...

CWE-4342017

CVE-2017-3189

HIGH

CVSS:8.1(High)

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publ...

CWE-4342017

CVE-2018-12528

HIGH

CVSS:8.1(High)

An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router ...

CWE-4342018

CVE-2021-20104

HIGH

CVSS:8.1(High)

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.

CWE-4342021