CVE-2024-0713

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0713
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28871. Reason: This candidate is a reservation duplicate of CVE-2020-28871. Notes: All CVE users should reference CVE-2020-28871 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

25 Apr 2024, 06:15

Type Values Removed Values Added
References
  • {'url': 'https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing', 'tags': ['Exploit', 'Third Party Advisory'], 'source': 'cna@vuldb.com'}
  • {'url': 'https://vuldb.com/?ctiid.251539', 'tags': ['Third Party Advisory'], 'source': 'cna@vuldb.com'}
  • {'url': 'https://vuldb.com/?id.251539', 'tags': ['Third Party Advisory'], 'source': 'cna@vuldb.com'}
CVSS v2 : 5.8
v3 : 8.8 		v2 : unknown
v3 : unknown
CWE CWE-434
CPE cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
Summary
  • (es) Se encontró una vulnerabilidad en Monitorr 1.7.6m. Ha sido declarada crítica. Una función desconocida del archivo /assets/php/upload.php del componente Services Configuration es afectada por esta vulnerabilidad. La manipulación del argumento fileToUpload conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251539. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
Summary (en) A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. (en) Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28871. Reason: This candidate is a reservation duplicate of CVE-2020-28871. Notes: All CVE users should reference CVE-2020-28871 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

26 Jan 2024, 15:58

Type Values Removed Values Added
CVSS v2 : 5.8
v3 : 4.7 		v2 : 5.8
v3 : 8.8
Summary
  • (es) Se encontró una vulnerabilidad en Monitorr 1.7.6m. Ha sido declarada crítica. Una función desconocida del archivo /assets/php/upload.php del componente Services Configuration es afectada por esta vulnerabilidad. La manipulación del argumento fileToUpload conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251539. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
First Time Monitorr
Monitorr monitorr
References () https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing - () https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.251539 - () https://vuldb.com/?ctiid.251539 - Third Party Advisory
References () https://vuldb.com/?id.251539 - () https://vuldb.com/?id.251539 - Third Party Advisory
CPE cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*

19 Jan 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-19 14:15

Updated : 2024-04-25 06:15

NVD link : CVE-2024-0713

Mitre link : CVE-2024-0713

CVE.ORG link : CVE-2024-0713

JSON object : View

Products Affected

No product.

CWE

No CWE.