CVE-2024-3431

CVSS v3 Score: 4.7 (Medium)
CVSS v2 Score: 5.8 (Medium)

Vulnerability Description

A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: 4.5 (Medium)

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultan...

CVSS: 4.9 (Medium)

A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the ar...

CVSS: 4.9 (Medium)

A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profil...

CVSS: 5.0 (Medium)

Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The...

CVSS: 4.4 (Medium)

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deser...

CVSS: 5.0 (Medium)

In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. Us...