How severe is CVE-2024-28405?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2024-28405?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2024-28405

HIGH Year: 2024

CVSS v3 Score

7.2

High

Weakness Type

CWE-284

View all →

Vulnerability Description

SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.

CVE-2015-3653

HIGH

CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequent...

CWE-2842015

CVE-2015-3654

HIGH

CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than C...

CWE-2842015

CVE-2015-3657

HIGH

CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.

CWE-2842015

CVE-2015-4649

HIGH

CVSS:7.2(High)

CWE-2842015

CVE-2016-10084

HIGH

CVSS:7.2(High)

admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).

CWE-2842016

CVE-2016-10085

HIGH

CVSS:7.2(High)

admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.

CWE-2842016

CVE-2024-28405

Vulnerability Description

Related Vulnerabilities

CVE-2015-3653

CVE-2015-3654

CVE-2015-3657

CVE-2015-4649

CVE-2016-10084

CVE-2016-10085