← Back

CVE-2017-1002024

nvd nist
Published: Sep 14, 2017Modified: May 13, 2026

JSON object

Loading...
4.3
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.

Affected (21)

Kindsoft
2 products
Kind Editor
Kindeditor
Configuration A
21 vulnerable
Vulnerable SoftwareAffected Versions
Kindsoft
Kind Editor
Up to 3.5.6
Kind Editor
Version 4.0.1
Kind Editor
Version 4.0.2
Kind Editor
Version 4.0.3
Kind Editor
Version 4.0.4
Kind Editor
Version 4.0.5
Kind Editor
Version 4.0.6
Kind Editor
Version 4.0
Kind Editor
Version 4.1.10
Kind Editor
Version 4.1.11
Kind Editor
Version 4.1.1
Kind Editor
Version 4.1.2
Kind Editor
Version 4.1.3
Kind Editor
Version 4.1.4
Kind Editor
Version 4.1.5
Kind Editor
Version 4.1.6
Kind Editor
Version 4.1.7
Kind Editor
Version 4.1.8
Kind Editor
Version 4.1.9
Kind Editor
Version 4.1
Kindeditor
Version 4.1.12

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: larry0@me.com
Product
Source: larry0@me.com
ExploitThird Party Advisory
Source: larry0@me.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.