CVE-2024-6647

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument Content-Type leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271053 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3 4.7 MEDIUM
CVSS v2.0 5.8 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:M/C:P/I:P/A:P

Exploitability : 6.4 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/DeepMountains/Mirage/blob/main/CVE-1.md
https://vuldb.com/?ctiid.271053
https://vuldb.com/?id.271053
https://vuldb.com/?submit.372009
https://github.com/DeepMountains/Mirage/blob/main/CVE-1.md
https://vuldb.com/?ctiid.271053
https://vuldb.com/?id.271053
https://vuldb.com/?submit.372009

Configurations

No configuration.

History

21 Nov 2024, 09:50

Type	Values Removed	Values Added
References	~~() https://github.com/DeepMountains/Mirage/blob/main/CVE-1.md -~~	() https://github.com/DeepMountains/Mirage/blob/main/CVE-1.md -
References	~~() https://vuldb.com/?ctiid.271053 -~~	() https://vuldb.com/?ctiid.271053 -
References	~~() https://vuldb.com/?id.271053 -~~	() https://vuldb.com/?id.271053 -
References	~~() https://vuldb.com/?submit.372009 -~~	() https://vuldb.com/?submit.372009 -

11 Jul 2024, 13:05

Type	Values Removed	Values Added
Summary		(es) NO SOPORTADO CUANDO SE ASIGNÓ Se encontró una vulnerabilidad clasificada como crítica en Croogo hasta 4.0.7. Una parte desconocida del archivo admin/settings/settings/prefix/Theme del componente Configuration Handler afecta a una parte desconocida. La manipulación del argumento Content-Type conduce a una carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-271053. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor.

10 Jul 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-10 18:15

Updated : 2024-11-21 09:50

NVD link : CVE-2024-6647

Mitre link : CVE-2024-6647

CVE.ORG link : CVE-2024-6647

JSON object : View

Products Affected

No product.

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

4.7 /10