CVE-2024-51243

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 30, 2024 / Updated: 20d ago

010
CVSS 7.2EPSS 0.04%High
CVE info copied to clipboard

The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-51243

Oct 30, 2024 at 9:15 PM
First Article

Feedly found the first article mentioning CVE-2024-51243. See article

Oct 30, 2024 at 9:22 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 30, 2024 at 9:22 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.9%)

Oct 31, 2024 at 9:57 AM
CVSS

A CVSS base score of 7.2 has been assigned.

Oct 31, 2024 at 3:41 PM / nvd
Static CVE Timeline Graph

Affected Systems

Eladmin/eladmin
+null more

Attack Patterns

CAPEC-242: Code Injection
+null more

News

CVE-2024-51243 | eladmin up to 2.7 DeployController.java Privilege Escalation
A vulnerability, which was classified as critical , was found in eladmin up to 2.7 . This affects an unknown part of the file DeployController.java . The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-51243 . It is possible to initiate the attack remotely. There is no exploit available.
NA - CVE-2024-51243 - The eladmin v2.7 and before contains a remote...
The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.
CVE-2024-51243 - Apache Eladmin Remote Code Execution Vulnerability
CVE ID : CVE-2024-51243 Published : Oct. 30, 2024, 9:15 p.m. 15 minutes ago Description : The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java. Severity: 0.0 NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51243
The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.
CVE-2024-51243
The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via...
See 1 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:High
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI