CVE-2024-50648: yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse...

0.0 CVSS

Description

yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.

Classification

CVE ID: CVE-2024-50648

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.62% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://github.com/Yllxx03/CVE/blob/main/yshop_fileu_pload.md
https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50648

Timeline

2024-12-04 00:11:38 UTC
CVE

yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse...