Vulnerability Details CVE-2024-35373
Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 84.4%
CVSS Severity
CVSS v3 Score 9.8
References
- https://chocapikk.com/posts/2024/mocodo-vulnerabilities/
- https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/rewrite.php#L45
- https://chocapikk.com/posts/2024/mocodo-vulnerabilities/
- https://github.com/laowantong/mocodo/blob/11ca879060a68e06844058cd969c6379214cc2a8/web/rewrite.php#L45
Products affected by CVE-2024-35373
-
cpe:2.3:a:mocodo:mocodo_online:4.0.11
-
cpe:2.3:a:mocodo:mocodo_online:4.0.13
-
cpe:2.3:a:mocodo:mocodo_online:4.0.14
-
cpe:2.3:a:mocodo:mocodo_online:4.0.8
-
cpe:2.3:a:mocodo:mocodo_online:4.2.6