Arbitrary File Upload Vulnerability in Agentejo Cockpit CMS
CVE-2024-4825

Currently unrated

Key Information:

Vendor: Agentejo
Status: Cockpit CMS
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-4825?

A vulnerability in Agentejo Cockpit CMS v0.5.5 allows for arbitrary file uploads through the '/media/api' parameter via POST requests. This exploit enables attackers to upload potentially malicious files to the server, which could lead to a comprehensive compromise of the affected infrastructure. It is crucial for users of this CMS to apply security practices and keep software updated to mitigate this risk.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/unrest...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024

CVE-2024-4825 Data

JSON