MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that in special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to upgrade. The vulnerabilities are related to insufficient input validation while uploading media content. The condition to exploit the vulnerability is that the portal allows users to upload content. This issue has been patched in version 4.1.0. There are no known workarounds for this vulnerability.
History
Tue, 12 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Mediacms; Mediacms mediacms | |
CPEs | cpe:2.3:a:mediacms:mediacms:*:*:*:*:*:*:*:* | |
Vendors & Products | Mediacms; Mediacms mediacms | |
Metrics | ssvc | |
Fri, 08 Nov 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to upgrade. The vulnerabilities are related with insufficient input validation while uploading media content. The condition to exploit the vulnerability is that the portal allows users to upload content. This issue has been patched in version 4.1.0. There are no known workarounds for this vulnerability. | |
Title | Remote code execution vulnerabilities in MediaCMS | |
Weaknesses | CWE-74 | |
References | | |
Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-08T22:10:07.361Z
Updated: 2024-11-12T19:56:53.955Z
Reserved: 2024-11-04T17:46:16.778Z
Link: CVE-2024-52004
Vulnrichment
Updated: 2024-11-12T19:56:04.673Z
NVD
Status: Awaiting Analysis
Published: 2024-11-08T23:15:04.627
Modified: 2024-11-12T13:56:54.483
Link: CVE-2024-52004
Redhat
No data.