Arbitrary File Upload Vulnerability in JPress through 5.1.1
CVE-2024-43033

8.8HIGH

Key Information:

Vendor: JPress
Status: Jpress
Vendor: CVE Published:; 22 August 2024

What is CVE-2024-43033?

JPress versions up to 5.1.1 on Windows are vulnerable to an arbitrary file upload flaw which can lead to the execution of arbitrary code. This vulnerability can be exploited through the ::$DATA stream by targeting the AttachmentController. An attacker could upload malicious files, such as a .jsp file, that permit unauthorized code execution. This poses a significant risk to information security, allowing attackers to gain control over affected systems.

References

https://github.com/JPressProjects/jpress/issues/188

https://cwe.mitre.org/data/definitions/69.html

https://github.com/lazy-forever/CVE-Reference/tree/main/2...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2024
Vulnerability Reserved
Aug 5, 2024

CVE-2024-43033 Data

JSON