
Remote code execution vulnerabilities in MediaCMS

High
mgogoulos published GHSA-x3p4-4442-q2c3 Nov 8, 2024

Package

No package listed

Affected versions

< 4.1.0

Patched versions

4.1.0

Description

Impact

MediaCMS has been prone to vulnerabilities that, in special cases, can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are strongly recommended to upgrade.

The vulnerabilities stem from insufficient input validation when media content is uploaded. They can be exploited only if the portal allows users to upload content.

These findings have been reported by Vladimir Razov of Positive Technologies.

Patches

The patch is released in version v4.1.0; upgrade by following the instructions on how to upgrade versions.

Severity

High

CVE ID

CVE-2024-52004

Weaknesses

No CWEs