What is CVE-2018-17936?

CVE-2018-17936 is a vulnerability in Nuuo Cms, classified under Unrestricted Upload of File with Dangerous Type. Published 2018-11-27.

Is CVE-2018-17936 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Nuuo Cms

CVE-2018-17936

NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.

Vulnerability class: Unrestricted File Upload

EPSS: 0.672 (98.6th percentile) — read the EPSS interpretation.

Affected products

N/a Nuuo Cms — versions All versions 3.3 and prior

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

rapid7/metasploit-framework

References

ics-cert.us-cert.gov/advisories/ICSA-18-284-02 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-17936?: CVE-2018-17936 is a vulnerability in Nuuo Cms, classified under Unrestricted Upload of File with Dangerous Type. Published 2018-11-27.
Is CVE-2018-17936 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.