Unauthenticated Remote File Execution Vulnerability in Webopac

CVE-2024-11018

9.8CRITICAL

Key Information

Vendor: Grand Vice Info
Status: Webopac
Vendor: CVE Published:; 11 November 2024

Summary

Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.

Affected Version(s)

Webopac < 6.5.1

Webopac < 7.2.3

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 11, 2024
Vulnerability Reserved.
Nov 8, 2024

Collectors

NVD DatabaseMitre Database