{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-11211","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-11-14T07:02:02.850Z","datePublished":"2024-11-14T15:00:09.604Z","dateUpdated":"2025-01-06T17:57:36.113Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-11-15T08:41:47.119Z"},"title":"EyouCMS Website Logo unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"Unrestricted Upload"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"n/a","product":"EyouCMS","versions":[{"version":"1.6.0","status":"affected"},{"version":"1.6.1","status":"affected"},{"version":"1.6.2","status":"affected"},{"version":"1.6.3","status":"affected"},{"version":"1.6.4","status":"affected"},{"version":"1.6.5","status":"affected"},{"version":"1.6.6","status":"affected"},{"version":"1.6.7","status":"affected"}],"modules":["Website Logo Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. Affected is an unknown function of the component Website Logo Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in EyouCMS bis 1.6.7 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Komponente Website Logo Handler. Dank der Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.7,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.7,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.8,"vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-11-14T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-11-14T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-11-15T09:46:34.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"falling-snow (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.284526","name":"VDB-284526 | EyouCMS Website Logo unrestricted upload","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.284526","name":"VDB-284526 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.437600","name":"Submit #437600 | EyouCMS v1.5.6 File Inclusion","tags":["third-party-advisory"]},{"url":"https://github.com/falling-snow1/cve/blob/main/EyouCMS_RCE.md","tags":["broken-link","exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-14T16:11:49.678988Z","id":"CVE-2024-11211","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-06T17:57:36.113Z"}}]}}