Assigner | INCIBE |
Reserved | 2024-05-13 |
Published | 2024-05-13 |
Updated | 2024-06-05 |
Description
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Problem types
CWE-434 Unrestricted Upload of File with Dangerous Type
Product status
0.5.5
Credits
Rafael Pedrero