CVE-2024-4825
Published 2024-05-14
Priority: P261 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.72% (49.2th percentile)
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5: an arbitrary file upload through the ‘/media/api’ parameter via a POST request. An attacker could upload files to the server, compromising the entire infrastructure.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agentejo | cockpit | — | — |
| agentejo | cockpit_cms | — | — |
| cockpit-hq | cockpit | >= 0 < 2.7.0 | 2.7.0 |
OSV
Cockpit CMS contains an arbitrary file upload vulnerability
osv·2024-05-14
CVE-2024-4825 [CRITICAL] Cockpit CMS contains an arbitrary file upload vulnerability
GHSA
Cockpit CMS contains an arbitrary file upload vulnerability
ghsa·2024-05-14
CVE-2024-4825 [CRITICAL] CWE-434 Cockpit CMS contains an arbitrary file upload vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-05-14: Published