Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentVulDBVULNRICHMENT:CVE-2024-1705
HistoryFeb 21, 2024 - 5:31 p.m.

CVE-2024-1705 Shopwind Installation DefaultController.php actionCreate code injection

2024-02-2117:31:07
CWE-94
VulDB
github.com
2
cve-2024-1705
shopwind
defaultcontroller.php
code injection
remote attack
critical vulnerability
vdb-254393
public disclosure

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.3

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CNA Affected

[
  {
    "vendor": "n/a",
    "modules": [
      "Installation"
    ],
    "product": "Shopwind",
    "versions": [
      {
        "status": "affected",
        "version": "4.0"
      },
      {
        "status": "affected",
        "version": "4.1"
      },
      {
        "status": "affected",
        "version": "4.2"
      },
      {
        "status": "affected",
        "version": "4.3"
      },
      {
        "status": "affected",
        "version": "4.4"
      },
      {
        "status": "affected",
        "version": "4.5"
      },
      {
        "status": "affected",
        "version": "4.6"
      }
    ]
  }
]

Related

cve 1
prion 1
cvelist 1
nvd 1
cve
cve
CVE-2024-1705
2024-02-21 18:15:50
prion
prion
Code injection
2024-02-21 18:15:00
cvelist
cvelist
CVE-2024-1705 Shopwind Installation DefaultController.php actionCreate code injection
2024-02-21 17:31:07
nvd
nvd
CVE-2024-1705
2024-02-21 18:15:50

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.3

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-1705
cve1prion1cvelist1nvd1