CVE-2024-8166

MEDIUM Year: 2024
CVSS v3 Score
4.9
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2017-11404

MEDIUM
CVSS:4.9(Medium)

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.

CWE-4342017

CVE-2017-11405

MEDIUM
CVSS:4.9(Medium)

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/modul...

CWE-4342017

CVE-2018-16373

MEDIUM
CVSS:4.9(Medium)

Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.

CWE-4342018

CVE-2018-16397

MEDIUM
CVSS:4.9(Medium)

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,

CWE-4342018

CVE-2019-8140

MEDIUM
CVSS:4.9(Medium)

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the M...

CWE-4342019

CVE-2020-6975

MEDIUM
CVSS:4.9(Medium)

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious...

CWE-4342020