Vulnerability Description
Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.
CVSS Score
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openeclass | Openeclass | <= 3.15 |
Related Weaknesses (CWE)
References
- https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.htmlExploitThird Party Advisory
- https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.htmlExploitThird Party Advisory
FAQ
What is CVE-2024-26503?
CVE-2024-26503 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.
How severe is CVE-2024-26503?
CVE-2024-26503 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-26503?
Check the references section above for vendor advisories and patch information. Affected products include: Openeclass Openeclass.