A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2024-05-13T11:23:20.416Z
Updated: 2024-08-01T20:55:10.120Z
Reserved: 2024-05-13T08:15:39.916Z
Link: CVE-2024-4825
Vulnrichment
Updated: 2024-08-01T20:55:10.120Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T15:45:16.483
Modified: 2024-05-14T16:11:39.510
Link: CVE-2024-4825
Redhat
No data.