CVE-2024-9278

MEDIUM Year: 2024
CVSS v3 Score
4.7
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

A vulnerability, which was classified as critical, has been found in HuankeMao SCRM up to 0.0.3. Affected by this issue is the function upload_domain_verification_file of the file WxkConfig.php of the component Administrator Backend. The manipulation of the argument domain_verification_file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2022-4732

MEDIUM
CVSS:4.7(Medium)

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

CWE-4342022

CVE-2023-6794

MEDIUM
CVSS:4.7(Medium)

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentia...

CWE-4342023

CVE-2024-3117

MEDIUM
CVSS:4.7(Medium)

A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the a...

CWE-4342024

CVE-2024-3444

MEDIUM
CVSS:4.7(Medium)

A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the...

CWE-4342024

CVE-2024-3521

MEDIUM
CVSS:4.7(Medium)

A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestat...

CWE-4342024

CVE-2024-45644

MEDIUM
CVSS:4.7(Medium)

IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CWE-4342024