Eladmin
CVE-2024-7458
MEDIUM
Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (vuldb) · only source for this CVE.
CVSS VectorVendor: vuldb
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551.
AnalysisAI
A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-27. A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551. Affected products include: Eladmin. Version information: up to 2.7.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrar
The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deploy
A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password
A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployControl
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Rated medium severity
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code v
A vulnerability was identified in elunez eladmin up to 2.7. Rated medium severity (CVSS 6.3), this vulnerability is remo
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Rated medium severity
A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Rated medium severity (CVSS
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Rated critical severity (CVSS 9.8), t
Same weakness CWE-27 – Path Traversal: 'dir/../../filename'
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today