← Back

CVE-2024-7342

nvd nist
Published: Aug 1, 2024Modified: Aug 15, 2024

JSON object

Loading...
5.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: CNA (Secondary)

Description

A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Baidu: Ueditor
Baidu
1 product
Ueditor
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ueditor
Up to 1.4.3.3

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

Source: cna@vuldb.com
ExploitThird Party Advisory
Source: cna@vuldb.com
Permissions RequiredThird Party Advisory
Source: cna@vuldb.com
Permissions RequiredThird Party Advisory
Source: cna@vuldb.com
Third Party Advisory

Timeline

No history available yet.