CVE-2024-25802

CRITICAL

Skinsoft S-museum - Unrestricted File Upload

Title source: rule

Description

SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content.

References (1)

Core 1

Core References

Broken Link

https://shrouded-trowel-50c.notion.site/S-Museum-Version-7-02-3-Unrestricted-File-Upload-b73d4590b024449787464ddcc175b8f7?pvs=4

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 28.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

skinsoft/s-museum 7.02.3

Published Feb 22, 2024

Tracked Since Feb 18, 2026