CVE-2024-7705 MEDIUM

CVE-2024-7705: Fujian mwcms Image Upload uploadeditor.html uploadeditor unrestricted upload

Vendor Fujian
Product mwcms
Weakness CWE-434 · Unrestricted file upload
Published August 12, 2024
Last update August 13, 2024
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the component Image Upload. The manipulation of the argument upfile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

August 12, 2024 CVE published
August 13, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-42883 Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench) CVE-2024-13708 Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site Scripting CVE-2025-11948 Excellent Infotek|Document Management System - Arbitrary File Upload CVE-2024-5278 Unrestricted File Upload leading to RCE in gaizhenbiao/chuanhuchatgpt CVE-2023-1391 SourceCodester Online Tours & Travels Management System ab.php unrestricted upload