CVE-2018-17936

CRITICAL

Nuuo Cms < 3.3 - Unrestricted File Upload

Title source: rule

Description

NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.

Exploits (1)

metasploit WORKING POC MANUAL

by Pedro Ribeiro <[email protected]> · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/nuuo/nuuo_cms_fu.rb

View Code ZIP pw:eip

References (1)

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Scores

CVSS v3 9.8

EPSS 0.6716

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

nuuo/nuuo_cms < 3.3

Published Nov 27, 2018

Tracked Since Feb 18, 2026