go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Wellchoose Administrative Management System - Arbitrary File Upload

TVN ID TVN-202410019
CVE ID CVE-2024-10201
CVSS 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products Wellchoose Administrative Management System
Description Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells.
Solution Contact the vendor to install the patch.
Credit Xin-Yue Song (CHT Security)
Public Date 2024-10-21
Top