CVE-2024-11018
Grand Vice info Webopac - Arbitrary File Upload
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
11 Nov 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Grand Vice info · WebopacWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →