CVE-2024-48236

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 25, 2024 / Updated: 25d ago

CVSS 6.5 / EPSS 0.04% / Medium

An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Timeline

CVE Assignment
NVD published the first details for CVE-2024-48236.
Oct 25, 2024 at 10:15 PM

First Article
Feedly found the first article mentioning CVE-2024-48236.
Oct 25, 2024 at 10:15 PM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as HIGH.
Oct 25, 2024 at 10:15 PM

EPSS
EPSS Score was set to: 0.04% (Percentile: 9.8%)
Oct 26, 2024 at 9:53 AM

CVSS
A CVSS base score of 6.5 has been assigned.
Oct 29, 2024 at 7:40 PM / nvd

Affected Systems

Ofcms_project/ofcms

Attack Patterns

CAPEC-242: Code Injection

News

CVE-2024-48236 | ofcms 1.1.2 FileUtils.java FileOutputStream Privilege Escalation
A vulnerability was found in ofcms 1.1.2. It has been rated as critical. Affected by this issue is the function FileOutputStream of the file ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2024-48236. The attack may be launched remotely. There is no exploit available.

NA - CVE-2024-48236 - An issue in ofcms 1.1.2 allows a remote...
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the...

CVE-2024-48236
Critical Severity. Description: An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file. Read more at https://www.tenable.com/cve/CVE-2024-48236

CVE-2024-48236
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java...

CVE-2024-48236 - Apache OFCMS Java Deserialization Code Execution Vulnerability
CVE ID: CVE-2024-48236. Published: Oct. 25, 2024, 10:15 p.m. 19 minutes ago. Description: An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file. Severity: 0.0 NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: None
