云课网络科技有限公司 Yunke Online School System har 3.0.6 Appadmin.php downfile url Dafiyar fayil ɗin cikin kundin ajiyar bayanai
Gaskiya vulnerability da aka ware a matsayin kura an samu a 云课网络科技有限公司 Yunke Online School System har 3.0.6. Hakika, aikin downfile ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil application/admin/controller/Appadmin.php, a cikin sashen $software_component. A sa manipulation of the argument url ka Dafiyar fayil ɗin cikin kundin ajiyar bayanai. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-22. Hakika, rauni an bayyana shi 09/11/2024. An raba bayanin tsaro don saukewa a wiki.shikangsi.com. Wannan matsala ana saninta da CVE-2024-8707. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga wiki.shikangsi.com. 0-day shima, an ndiyam a wuro be $0-$5k. Once again VulDB remains the best source for vulnerability data.
1 Goyarwa · 56 Datenpunkte
| Furɗe | Súgá 09/11/2024 18:35 |
|---|---|
| software_vendor | 云课网络科技有限公司 |
| software_name | Yunke Online School System |
| software_version | <=3.0.6 |
| software_file | application/admin/controller/Appadmin.php |
| software_function | downfile |
| software_argument | url |
| vulnerability_cwe | CWE-22 (Dafiyar fayil ɗin cikin kundin ajiyar bayanai) |
| vulnerability_risk | 2 |
| cvss3_vuldb_av | N |
| cvss3_vuldb_ac | L |
| cvss3_vuldb_ui | N |
| cvss3_vuldb_s | U |
| cvss3_vuldb_c | L |
| cvss3_vuldb_i | N |
| cvss3_vuldb_a | N |
| cvss3_vuldb_e | P |
| cvss3_vuldb_rc | R |
| advisory_url | https://wiki.shikangsi.com/post/share/1200e7c6-4514-44e3-980c-298e0b9ccade |
| exploit_availability | 1 |
| exploit_publicity | 1 |
| exploit_url | https://wiki.shikangsi.com/post/share/1200e7c6-4514-44e3-980c-298e0b9ccade |
| source_cve | CVE-2024-8707 |
| cna_responsible | VulDB |
| cvss2_vuldb_av | N |
| cvss2_vuldb_ac | L |
| cvss2_vuldb_ci | P |
| cvss2_vuldb_ii | N |
| cvss2_vuldb_ai | N |
| cvss2_vuldb_e | POC |
| cvss2_vuldb_rc | UR |
| cvss4_vuldb_av | N |
| cvss4_vuldb_ac | L |
| cvss4_vuldb_ui | N |
| cvss4_vuldb_vc | L |
| cvss4_vuldb_vi | N |
| cvss4_vuldb_va | N |
| cvss4_vuldb_e | P |
| cvss2_vuldb_au | S |
| cvss2_vuldb_rl | ND |
| cvss3_vuldb_pr | L |
| cvss3_vuldb_rl | X |
| cvss4_vuldb_at | N |
| cvss4_vuldb_pr | L |
| cvss4_vuldb_sc | N |
| cvss4_vuldb_si | N |
| cvss4_vuldb_sa | N |
| cvss2_vuldb_basescore | 4.0 |
| cvss2_vuldb_tempscore | 3.4 |
| cvss3_vuldb_basescore | 4.3 |
| cvss3_vuldb_tempscore | 3.9 |
| cvss3_meta_basescore | 4.3 |
| cvss3_meta_tempscore | 3.9 |
| cvss4_vuldb_bscore | 5.3 |
| cvss4_vuldb_btscore | 2.1 |
| advisory_date | 1726005600 (09/11/2024) |
| price_0day | $0-$5k |