ByteOS Network

NVD Vulnerability Details :

CVE-2024-1925

Analyzed

Source-cna@vuldb.com

Published At-27 Feb, 2024 | 17:15

Updated At-18 Dec, 2024 | 17:38

A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254860.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.0	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	2.0	4.6	MEDIUM	AV:N/AC:H/Au:S/C:P/I:P/A:P

CPE Matches

ctcms_project>>ctcms>>2.1.2

cpe:2.3:a:ctcms_project:ctcms:2.1.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-434	Secondary	cna@vuldb.com

References

Hyperlink	Source	Resource
https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL	cna@vuldb.com	Permissions Required
https://vuldb.com/?ctiid.254860	cna@vuldb.com	Permissions Required
https://vuldb.com/?id.254860	cna@vuldb.com	Permissions Required
https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL	af854a3a-2127-422b-91ae-364da2661108	Permissions Required
https://vuldb.com/?ctiid.254860	af854a3a-2127-422b-91ae-364da2661108	Permissions Required
https://vuldb.com/?id.254860	af854a3a-2127-422b-91ae-364da2661108	Permissions Required

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History