CVE-2024-4610120.09.2024, 21:15GDidees CMS <= v3.9.1 has a file upload vulnerability.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST9.8 CRITICALNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HmitreCNA------CISA-ADPADP9.8 CRITICALNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBase ScoreCVSS 3.xEPSS ScorePercentile: 56%VendorProductVersiongdideesgdidees_cms𝑥≤ 3.9.1𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-434 - Unrestricted Upload of File with Dangerous TypeThe software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.Referenceshttps://github.com/N0zoM1z0/MY-CVE/blob/main/CVE-2024-46101.md