CVE-2024-7705

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2018-16821

MEDIUM
CVSS:5.3(Medium)

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.

CWE-4342018

CVE-2018-19789

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string...

CWE-4342018

CVE-2021-29022

MEDIUM
CVSS:5.3(Medium)

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.

CWE-4342021

CVE-2023-38330

MEDIUM
CVSS:5.3(Medium)

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP ...

CWE-4342023

CVE-2023-40183

MEDIUM
CVSS:5.3(Medium)

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `Im...

CWE-4342023