← back
CVE-2024-3778

Ai3 QbiBot - Unrestricted File Upload

CVSS 7.2 HIGHEPSS 0.6%CWE-434
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Apr 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Ai3 · QbiBot

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/tw/cp-132-7732-9a54e-1.html