CVE-2024-39165

QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://synacktiv.com/en/advisories/jpgraph-professional-version-pre-authenticated-remote-code-execution
https://www.synacktiv.com/advisories/jpgraph-professional-version-pre-authenticated-remote-code-execution

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-04 13:15

Updated : 2024-12-04 16:15

NVD link : CVE-2024-39165

Mitre link : CVE-2024-39165

CVE.ORG link : CVE-2024-39165

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-39165", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.1}]}, "published": "2024-07-04T13:15:10.023", "references": [{"url": "https://synacktiv.com/en/advisories/jpgraph-professional-version-pre-authenticated-remote-code-execution", "source": "cve@mitre.org"}, {"url": "https://www.synacktiv.com/advisories/jpgraph-professional-version-pre-authenticated-remote-code-execution", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product."}, {"lang": "es", "value": "QR/demoapp/qr_image.php en Asial JpGraph Professional hasta 4.2.6-pro permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una carga PHP en el par\u00e1metro de datos junto con un nombre de archivo .php en el par\u00e1metro de nombre de archivo. Esto ocurre porque con el producto se env\u00eda una carpeta QR/demoapp innecesaria."}], "lastModified": "2024-12-04T16:15:25.093", "sourceIdentifier": "cve@mitre.org"}