Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells.
History

Thu, 24 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wellchoose:administrative_management_system:-:*:*:*:*:*:*:*

Mon, 21 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Wellchoose
Wellchoose administrative Management System
CPEs cpe:2.3:a:wellchoose:administrative_management_system:*:*:*:*:*:*:*:*
Vendors & Products Wellchoose
Wellchoose administrative Management System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 21 Oct 2024 03:30:00 +0000

Type Values Removed Values Added
Description Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells.
Title Wellchoose Administrative Management System - Arbitrary File Upload
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2024-10-21T03:13:12.936Z

Updated: 2024-10-21T13:13:10.337Z

Reserved: 2024-10-21T02:32:49.515Z

Link: CVE-2024-10201

cve-icon Vulnrichment

Updated: 2024-10-21T13:13:04.132Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-21T04:15:02.893

Modified: 2024-10-24T13:56:56.503

Link: CVE-2024-10201

cve-icon Redhat

No data.