TVN ID | TVN-202410015 |
---|---|
CVE ID | CVE-2024-9985 |
CVSS | 8.8 (High) CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Affected Products | Ragic Enterprise Cloud Database before version 2024/08/08 09:45:25 |
Description | Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. |
Solution | Update to version 2024/08/08 09:45:25 or later. |
Credit | Kun Xian Lin (DEVCORE) |
Public Date | 2024-10-15 |