CVE-2024-7342

MEDIUM Year: 2024
CVSS v3 Score
6.1
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2018-4921

MEDIUM
CVSS:6.1(Medium)

Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.

CWE-4342018

CVE-2020-26583

MEDIUM
CVSS:6.1(Medium)

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, a...

CWE-4342020

CVE-2023-34833

MEDIUM
CVSS:6.1(Medium)

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file.

CWE-4342023

CVE-2023-41564

MEDIUM
CVSS:6.1(Medium)

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.

CWE-4342023

CVE-2023-4220

MEDIUM
CVSS:6.1(Medium)

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-...

CWE-4342023

CVE-2024-1932

MEDIUM
CVSS:6.1(Medium)

Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout

CWE-4342024