Description

A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related CPE's

a

youdiancms

youdiancms

7.0

Vulnerable

References

https://vuldb.com/?ctiid.273252

Permissions RequiredVDB Entry

https://vuldb.com/?id.273252

Permissions RequiredVDB Entry

https://vuldb.com/?submit.378324

Third Party AdvisoryVDB Entry

https://wiki.shikangsi.com/post/share/30c24c77-42e6-4a0c-b60b-e02d09dc325b

ExploitTechnical DescriptionThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-434

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-07-31T21:15:14.063Z

1 year ago

Last modified

2024-08-23T14:34:06.267Z

1 year ago