EyouCMS Website Logo unrestricted upload

CVE-2024-11211

7.2HIGH

Key Information

Vendor: Eyoucms
Status: Eyoucms
Vendor: CVE Published:; 14 November 2024

Summary

A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

EyouCMS = 1.6.0

EyouCMS = 1.6.1

EyouCMS = 1.6.2

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

VulDB entry last update
Nov 15, 2024
Risk change from: null to: 4.7 - (MEDIUM)
Nov 15, 2024
VulDB entry created
Nov 14, 2024
Advisory disclosed
Nov 14, 2024
Vulnerability published.
Nov 14, 2024

Collectors

NVD DatabaseMitre Database

Credit

falling-snow (VulDB User)