File Upload Vulnerability in MCMS by H3AK
CVE-2024-22567

8.8HIGH

Key Information:

Vendor: Mingsoft
Status: Mcms
Vendor: CVE Published:; 5 February 2024

Badges

👾 Exploit Exists

What is CVE-2024-22567?

The vulnerability in MCMS version 5.3.5 stems from improper validation of user-uploaded files. Specifically, an attacker can exploit this flaw by crafting a malicious POST request to the endpoint /ms/file/upload.do, enabling them to upload arbitrary files to the server. This can lead to serious security implications, including unauthorized access to sensitive data, execution of malicious scripts, and potential system compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/h3ak/MCMS-CVE-Request/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 12, 2024
👾
Exploit known to exist
Feb 12, 2024
Vulnerability published
Feb 5, 2024
Vulnerability Reserved
Jan 11, 2024

JSON

Mingsoft

Badges

What is CVE-2024-22567?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.