A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
History

Fri, 30 Aug 2024 19:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Hfo4; Hfo4 shudong-share |
| CPEs | | cpe:2.3:a:hfo4:shudong-share:2.4.7:*:*:*:*:*:*:* |
| Vendors & Products | | Hfo4; Hfo4 shudong-share |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 30 Aug 2024 14:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| Title | | HFO4 shudong-share File Extension fileReceive.php unrestricted upload |
| Weaknesses | | CWE-434 |
| References | | |
| Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'} |
| | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'} |
| | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'} |
| | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-08-30T14:31:04.161Z

Updated: 2024-08-30T18:14:15.809Z

Reserved: 2024-08-30T07:10:19.611Z

Link: CVE-2024-8338

Vulnrichment

Updated: 2024-08-30T18:14:00.343Z

NVD

Status: Analyzed

Published: 2024-08-30T15:15:19.973

Modified: 2024-09-25T19:12:05.877

Link: CVE-2024-8338

Redhat

No data.