CVE-2024-26503

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
openeclassopeneclass
𝑥
≤ 3.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html
https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html