CVE-2024-48700

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 25, 2024 / Updated: 25d ago

010
CVSS 7.2EPSS 0.04%High
CVE info copied to clipboard

Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-48700

Oct 25, 2024 at 6:15 PM
First Article

Feedly found the first article mentioning CVE-2024-48700. See article

Oct 25, 2024 at 6:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 25, 2024 at 6:21 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.8%)

Oct 26, 2024 at 9:53 AM
CVSS

A CVSS base score of 7.2 has been assigned.

Oct 29, 2024 at 7:40 PM / nvd
Static CVE Timeline Graph

Affected Systems

Kliqqi/cms
+null more

Attack Patterns

CAPEC-242: Code Injection
+null more

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:High
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI