CVE-2024-43033

High

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to…

mitre·CWE-69·Published 2024-08-22

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

310 chars

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358.

NVDen

310 chars

NVDes

349 chars

JPress hasta 5.1.1 en Windows tiene una vulnerabilidad de carga de archivos arbitrarios que podría causar la ejecución de código arbitrario a través de ::$DATA a AttachmentController, como un archivo .jsp::$DATA a io.jpress.web.commons.controller.AttachmentController# subir. NOTA: esto no está relacionado con el vector de ataque de CVE-2024-32358.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H