CVE-2024-13138

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-13138

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-13138.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-13138

Published

2025-01-05T11:15:05.747Z

Modified

2025-11-20T12:23:27.243259Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/wangl1989/mysiteforme

Affected ranges

Type: GIT
Repo: https://github.com/wangl1989/mysiteforme
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

6bb9a1f7f6b539f79557895d4f1c0213f9164a5c

Affected versions

v1.*

v1.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-13138.json"