CVE-2024-52004

Vulnerability Description

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to upgrade. The vulnerabilities are related with insufficient input validation while uploading media content. The condition to exploit the vulnerability is that the portal allows users to upload content. This issue has been patched in version 4.1.0. There are no known workarounds for this vulnerability.

Related Weaknesses (CWE)

References

• https://github.com/mediacms-io/mediacms/blob/main/docs/admins_docs.md
• https://github.com/mediacms-io/mediacms/security/advisories/GHSA-x3p4-4442-q2c3

FAQ

What is CVE-2024-52004?

CVE-2024-52004 is a documented vulnerability. MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code exe...

How severe is CVE-2024-52004?

CVSS scoring is not yet available for CVE-2024-52004. Check NVD for updates.

Is there a patch for CVE-2024-52004?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.