CVE-2024-39118

Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
mitreCNA
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AC:L/AV:L/A:N/C:N/I:H/PR:N/S:U/UI:R
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
mommyheatheradvanced_backups
𝑥
< 3.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed
https://github.com/MommyHeather/AdvancedBackups/commit/1545f499f73bf434ed292c31121fdda8042ff5d6
https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed
https://github.com/MommyHeather/AdvancedBackups/commit/1545f499f73bf434ed292c31121fdda8042ff5d6