An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors Products
Technocking
  • R-pan-scaffolding

Configuration 1 [-]

cpe:2.3:a:technocking:r-pan-scaffolding:*:*:*:*:*:*:*:*
References
Link Resource
https://github.com/Joying-C/Cross-site-scripting-vulnerability/tree/main/r-pan-scaffolding_Cross_site%20_scripting%20_vulnerability Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-05-15T19:26:34.965073

Reserved:

Link: CVE-2024-34913

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2024-05-15T20:15:13.657

Modified: 2024-05-23T20:59:34.540

Link: CVE-2024-34913

JSON object: View

cve-icon Redhat Information

No data.

CWE