CVE Details: CVE-2024-9985

Description

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server.

Published Date: 2024-10-15
Last Modified Date: 2024-10-16
Severity: CRITICAL
CVSS v3 Score: 9.8
CWE ID: CWE-434
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Back to CVE List