CVE-2024-2636
CVSS V2 None
CVSS V3 None
Description
An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/update_password.jsp' file. Modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file inside the file directory, to be executed the the file is loaded in the application.
Overview
- CVE ID
- CVE-2024-2636
- Assigner
- INCIBE
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-03-19T12:12:13.392Z
- Last Modified Date
- 2024-03-19T12:12:13.392Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-2636 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2636 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 23:28:37 | Added to TrackCVE |