CVE-2024-26503

EUVD-2024-23768
Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
openeclassopeneclass
𝑥
≤ 3.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html
https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html