CVE-2024-4825 – Unrestricted Upload of File with Dangerous Type vulnerability on Cockpit CMS from Agentejo

https://notcve.org/view.php?id=CVE-2024-4825

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure. Se ha descubierto una vulnerabilidad en Agentejo Cockpit CMS v0.5.5 que consiste en la carga de un archivo arbitrario en el parámetro '/media/api' mediante post request. Un atacante podría subir archivos al servidor, comprometiendo toda la infraestructura. • https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms • CWE-434: Unrestricted Upload of File with Dangerous Type •