How severe is CVE-2024-7706?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 2.7 out of 10.

What type of vulnerability is CVE-2024-7706?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2024-7706

MEDIUM Year: 2024

CVSS v3 Score

2.7

Low

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-434

View all →

Vulnerability Description

A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2018-10521

LOW

CVSS:2.7(Low)

In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because c...

CWE-4342018

CVE-2022-4665

LOW

CVSS:3.1(Low)

Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6.

CWE-4342022

CVE-2024-53564

LOW

CVSS:2.2(Low)

A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the S...

CWE-4342024

CVE-2024-47259

LOW

CVSS:3.5(Low)

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to...

CWE-4342024

CVE-2005-0254

LOW

CVSS:3.7(Low)

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to ...

CWE-4342005

CVE-2022-2872

LOW