An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00281}

epss

{'score': 0.00331}


Wed, 25 Sep 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Closed-loop
Closed-loop cless Server
CPEs cpe:2.3:a:closed-loop:cless_server:4.5.2:*:*:*:*:*:*:*
Vendors & Products Closed-loop
Closed-loop cless Server

Fri, 20 Sep 2024 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94

Fri, 20 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Closedlooptechnology
Closedlooptechnology cless Server
Weaknesses CWE-434
CPEs cpe:2.3:a:closedlooptechnology:cless_server:4.5.2:*:*:*:*:*:*:*
Vendors & Products Closedlooptechnology
Closedlooptechnology cless Server
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Sep 2024 19:15:00 +0000

Type Values Removed Values Added
Description An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-20T13:00:18.058Z

Reserved: 2024-07-05T00:00:00

Link: CVE-2024-40125

cve-icon Vulnrichment

Updated: 2024-09-19T19:18:28.253Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-19T19:15:24.350

Modified: 2024-09-25T14:46:52.523

Link: CVE-2024-40125

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.