← voltar
CVE-2024-58295

ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload

CVSS 8.6 HIGHEPSS 0.5%CWE-434
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.6EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 dez 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing the uploaded file in the theme directory.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
elkarte · ElkArte Forum