CRITICAL🇵🇱 Wersja polska

CVE-2024-39243

CVSS 9.8v3.1pub. 2024-06-26upd. 2025-06-13

An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.

🤖 AI Analysis
How it works

An attacker sends a crafted HTTP POST request to the /index.php?s=/admin/develop/editor_save endpoint, passing malicious input data. The application does not properly validate the submitted content, resulting in server-side code execution. The vulnerability is classified as CWE-74 (injection) and CWE-75 (improper neutralization of special elements), indicating a lack of proper data filtering in the editor save mechanism.

Impact

An attacker can remotely execute arbitrary code on the server without any authentication, which may lead to complete system compromise, data breach, and violation of application integrity and availability.

Mitigation & patch

Apply patches available from the vendor according to the references. Until the fix is applied, it is recommended to restrict access to the /index.php?s=/admin/develop/editor_save endpoint at the firewall or reverse proxy level and monitor traffic for unauthorized POST requests.

Who is affected

Skycaiji version 2.8

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Skycaiji

    APP
    Skycaiji
    2.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-44351CRITICAL9.8ten sam produkt

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/My...

CVE-2022-28096HIGH7.2ten sam produkt

Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/con...

CVE-2018-11371HIGH8.8ten sam produkt

SkyCaiji 1.2 allows CSRF to add an Administrator user.

CVE-2025-1799MEDIUM5.3ten sam produkt

A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. This affects the function...

CVE-2025-1791MEDIUM5.3ten sam produkt

A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects t...