CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-7328

High Severity
Youdiancms
SVRS
52/100
CVSSv3
5.3/10
EPSS
0.00086/1

CVE-2024-7328 in YouDianCMS 7 allows for information disclosure due to a problematic process in the /t.php?action=phpinfo file. This vulnerability can be exploited remotely. Despite a CVSS score of 5.3, indicating medium severity, the SVRS is 52, suggesting moderate risk. Publicly available exploits exist, increasing the likelihood of active exploitation. Successful exploitation of CVE-2024-7328 enables attackers to gain sensitive information about the system. Given the ease of exploitation and potential for reconnaissance, organizations using YouDianCMS 7 should assess and mitigate this vulnerability, even with the vendor's lack of response. The risk stems from potentially exposing internal system details.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:L
I:N
A:N
PUBLICATION DATE2024-07-31
LAST MODIFIED2024-08-23
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-7328 is a problematic vulnerability in YouDianCMS 7 that allows remote attackers to disclose sensitive information by manipulating the /t.php?action=phpinfo file. The SVRS score of 50 indicates a moderate risk, highlighting the need for attention and timely mitigation.

Key Insights:

  • Information Disclosure: This vulnerability enables attackers to access sensitive information, potentially compromising system integrity and data confidentiality.
  • Remote Exploitation: The vulnerability can be exploited remotely, increasing the attack surface and making it easier for malicious actors to target systems.
  • Public Disclosure: The exploit has been publicly disclosed, making it more likely that attackers will attempt to exploit the vulnerability.

Mitigation Strategies:

  • Update Software: Apply the latest security patches from the vendor to address the vulnerability.
  • Restrict Access: Limit access to the affected file or functionality to authorized users only.
  • Implement Input Validation: Validate user input to prevent malicious manipulation of the file.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and implement intrusion detection systems to detect and block potential attacks.

Additional Information:

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: There is no evidence that this vulnerability is actively exploited in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-7328 | YouDianCMS 7 /t.php information disclosure
vuldb.com2024-07-31
CVE-2024-7328 | YouDianCMS 7 /t.php information disclosure | A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-7328. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted
vuldb.com
rss
forum
news

Social Media

CVE-2024-7328 Remote Information Disclosure in YouDianCMS 7 (VDB-273251) A problematic vulnerability has been identified in YouDianCMS 7. It affects an unknown part of the file /t.php?action=phpinfo. This issue l... https://t.co/bOQQSfl7mH
0
0
0
CVE-2024-7328 A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The … https://t.co/bboXkscFAD
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppYoudiancmsyoudiancms

References

ReferenceLink
[email protected]https://vuldb.com/?ctiid.273251
[email protected]https://vuldb.com/?id.273251
[email protected]https://vuldb.com/?submit.378323
[email protected]https://wiki.shikangsi.com/post/share/ce9ce9b8-dec1-4d85-a955-8e5876cc270f
GITHUBhttps://vuldb.com/?id.273251
GITHUBhttps://wiki.shikangsi.com/post/share/ce9ce9b8-dec1-4d85-a955-8e5876cc270f

CWE Details

CWE IDCWE NameDescription
CWE-200Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence