{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9855", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-10-11T06:35:14.410Z", "datePublished": "2024-10-11T12:31:04.986Z", "dateUpdated": "2024-10-11T14:14:30.450Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-11T12:31:04.986Z"}, "title": "07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "Unrestricted Upload"}]}], "affected": [{"vendor": "n/a", "product": "07FLYCMS", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["Module Plug-In Handler"]}, {"vendor": "n/a", "product": "07FLY-CMS", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["Module Plug-In Handler"]}, {"vendor": "n/a", "product": "07FlyCRM", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["Module Plug-In Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address."}, {"lang": "de", "value": "In 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8 wurde eine kritische Schwachstelle ausgemacht. Das betrifft die Funktion uploadFile der Datei /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 der Komponente Module Plug-In Handler. Mit der Manipulation des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-10-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-10-11T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-10-11T08:40:33.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "chenzijie0619 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.280051", "name": "VDB-280051 | 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.280051", "name": "VDB-280051 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.419222", "name": "Submit #419222 | \u96f6\u8d77\u98de 07FlyCms 1.3.8 FileUpload", "tags": ["third-party-advisory"]}, {"url": "https://github.com/DeepMountains/zzz/blob/main/CVE6-1.md", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "07fly", "product": "07fly-cms", "cpes": ["cpe:2.3:a:07fly:07fly-cms:1.3.8:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.3.8", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T14:13:46.899418Z", "id": "CVE-2024-9855", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T14:14:30.450Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9855", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-10-11T06:35:14.410Z", "datePublished": "2024-10-11T12:31:04.986Z", "dateUpdated": "2024-10-11T14:14:30.450Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-11T12:31:04.986Z"}, "title": "07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "Unrestricted Upload"}]}], "affected": [{"vendor": "n/a", "product": "07FLYCMS", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["Module Plug-In Handler"]}, {"vendor": "n/a", "product": "07FLY-CMS", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["Module Plug-In Handler"]}, {"vendor": "n/a", "product": "07FlyCRM", "versions": [{"version": "1.3.8", "status": "affected"}], "modules": ["Module Plug-In Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address."}, {"lang": "de", "value": "In 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8 wurde eine kritische Schwachstelle ausgemacht. Das betrifft die Funktion uploadFile der Datei /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 der Komponente Module Plug-In Handler. Mit der Manipulation des Arguments file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-10-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-10-11T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-10-11T08:40:33.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "chenzijie0619 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.280051", "name": "VDB-280051 | 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.280051", "name": "VDB-280051 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.419222", "name": "Submit #419222 | \u96f6\u8d77\u98de 07FlyCms 1.3.8 FileUpload", "tags": ["third-party-advisory"]}, {"url": "https://github.com/DeepMountains/zzz/blob/main/CVE6-1.md", "tags": ["exploit"]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9855", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-11T14:13:46.899418Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:07fly:07fly-cms:1.3.8:*:*:*:*:*:*:*"], "vendor": "07fly", "product": "07fly-cms", "versions": [{"status": "affected", "version": "1.3.8"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T14:14:23.840Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en 07FLYCMS, 07FLY-CMS y 07FlyCRM 1.3.8. Se ha declarado como cr\u00edtica. La vulnerabilidad afecta a la funci\u00f3n uploadFile del archivo /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 del componente Module Plug-In Handler. La manipulaci\u00f3n del archivo de argumentos provoca una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El producto afectado se conoce con diferentes nombres como 07FLYCMS, 07FLY-CMS y 07FlyCRM. No fue posible ponerse en contacto con el proveedor antes de asignar un CVE debido a que la direcci\u00f3n de correo electr\u00f3nico no funcionaba."}], "id": "CVE-2024-9855", "lastModified": "2024-10-15T12:58:51.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-10-11T13:15:21.460", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/DeepMountains/zzz/blob/main/CVE6-1.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.280051"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.280051"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.419222"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}