- Description
- Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.
- Source
- twcert@cert.org.tw
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- twcert@cert.org.tw
- CWE-434
- Hype score
- Not currently trending
CVE-2024-11017 Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which … https://t.co/UoQYdHOxVY
@CVEnew
11 Nov 2024
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-11017: HIGH] Grand Vice info's Webopac system has a cyber security vulnerability where attackers can upload and run webshells, potentially leading to arbitrary code execution. #cybersecurity#cybersecurity,#vulnerability https://t.co/3aK9VFKpeD https://t.co/Jlg0n3gCP6
@CveFindCom
11 Nov 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05F9B655-8FA4-48EC-A45C-2023F4C74AF9",
"versionEndExcluding": "6.5.1",
"versionStartIncluding": "6"
},
{
"criteria": "cpe:2.3:a:vice:webopac:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2179D8C-B827-4464-918B-5C74013AC527",
"versionEndExcluding": "7.2.3",
"versionStartIncluding": "7"
}
],
"operator": "OR"
}
]
}
]