CVE-2024-6947 MEDIUM

CVE-2024-6947: Flute CMS Notification ContentParser.php replaceContent code injection

Vendor Flute
Product CMS
Weakness CWE-94 · Code injection
Published July 21, 2024
Last update August 1, 2024

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272069 was assigned to this vulnerability.

Key dates

02Disclosure timeline

July 21, 2024 CVE published
August 1, 2024 Record updated