VDB-288969 · CVE-2024-12789 · GCVE-100-288969

PbootCMS ଯେପର୍ଯ୍ୟନ୍ତ 3.2.3 IndexController.php ଦିନ ବିସ୍ତାରିତ ଅଧିକାର

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu PbootCMS ଯେପର୍ଯ୍ୟନ୍ତ 3.2.3 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii apps/home/controller/IndexController.php keessa. Hojii jijjiirraa irratti gaggeeffame ଦିନ gara ବିସ୍ତାରିତ ଅଧିକାର geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-94 geessa. Dadhabbii kana yeroo 12/19/2024 maxxanfameera. Odeeffannoon kun buufachuuf gist.github.com irratti qoodameera. Dogoggorri kun akka CVE-2024-12789tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana gist.github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Qabiyyee miidhamte fooyyessuuf gorsa ni kennama. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 98 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/19/2024 09:41 AM	ଅଦ୍ୟତନ 1/2 12/19/2024 07:44 PM	ଅଦ୍ୟତନ 2/2 01/11/2025 02:17 AM
software_name	PbootCMS	PbootCMS	PbootCMS
software_version	<=3.2.3	<=3.2.3	<=3.2.3
software_file	apps/home/controller/IndexController.php	apps/home/controller/IndexController.php	apps/home/controller/IndexController.php
software_argument	tag	tag	tag
vulnerability_cwe	CWE-94 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-94 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-94 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_url	https://gist.github.com/J1rrY-learn/8e52bf055fd1806ada81ae1ff25dd817	https://gist.github.com/J1rrY-learn/8e52bf055fd1806ada81ae1ff25dd817	https://gist.github.com/J1rrY-learn/8e52bf055fd1806ada81ae1ff25dd817
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://gist.github.com/J1rrY-learn/8e52bf055fd1806ada81ae1ff25dd817	https://gist.github.com/J1rrY-learn/8e52bf055fd1806ada81ae1ff25dd817	https://gist.github.com/J1rrY-learn/8e52bf055fd1806ada81ae1ff25dd817
countermeasure_name	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ
upgrade_version	3.2.4	3.2.4	3.2.4
source_cve	CVE-2024-12789	CVE-2024-12789	CVE-2024-12789
cna_responsible	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss3_vuldb_pr	L	L	L
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.1	5.1	5.1
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	5.7	6.0	7.3
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1734562800 (12/19/2024)	1734562800 (12/19/2024)	1734562800 (12/19/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component.	A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.3	5.3
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad en PbootCMS hasta la versión 3.2.3. Se ha clasificado como crítica. Afecta a una parte desconocida del archivo apps/home/controller/IndexController.php. La manipulación de la etiqueta de argumento provoca la inyección de código. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. La actualización a la versión 3.2.4 puede solucionar este problema. Se recomienda actualizar el componente afectado.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!