CVE-2024-3778

Published Apr 15, 2024

Last updated 7 months ago

CVSS high 7.2

Overview

Description
The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code.
Source
twcert@cert.org.tw
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

twcert@cert.org.tw
CWE-434

Social media

Hype score
Not currently trending

References