CVE-2024-2636

Severity: CRITICAL
Year: 2024
CVSS v3 Score: 9.0 (Critical)

Vulnerability Description

An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR that allows an attacker to upload malicious files to the server via the '/config/espanol/update_password.jsp' file. By modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file inside the file directory, to be executed when the file is loaded in the application.

CVSS:9.0(Critical)

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280.

CVSS:9.0(Critical)

Stored XSS via axd and cshtml file upload in GitHub repository star7th/showdoc prior to v2.10.4.

CVSS:9.0(Critical)

Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.

CVSS:9.0(Critical)

Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.

CVSS:9.0(Critical)

Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.

CVSS:9.0(Critical)

Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking,...