CVE-2024-27489 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitre	CNA	---				---
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Common Weakness Enumeration

CWE-473 - PHP External Variable Modification
A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.

References

https://gist.github.com/yyyyy7777777/a36541cb60d9e55628f78f2a68968212

https://gitee.com/y1336247431/poc-public/issues/I920OW

https://gist.github.com/yyyyy7777777/a36541cb60d9e55628f78f2a68968212

https://gitee.com/y1336247431/poc-public/issues/I920OW