CVE-2024-48646
CVE-2024-48646 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the server, leading to further system compromise. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the server, leading to further system compromise.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sage | Sage Frp 1000 | 7.0.0 |
References
- https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
