CVE-2024-7905

NVD Published Date: August 18, 2024 at 12:15 PM
NVD Last Modified: August 20, 2024 at 07:35 PM
Vulnerability ID
CVE-2024-7905
Severity
HIGH
Severity Score
7.2
Summary
A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Mitigation and Patches
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE ID
CWE-434
