CVE-2024-57408
Severity CVSS v4.0:
Pending analysis
Type:
CWE-434
Unrestricted Upload of File with Dangerous Type
Publication date:
10/02/2025
Last modified:
22/10/2025
Description
An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:beian.miit:cool-admin-java:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://gist.github.com/kaoniniang2/2cfc83a612ba929279ed5fb8b91b45ba
- https://github.com/cool-team-official/cool-admin-java
- https://github.com/kaoniniang2/exploit/blob/main/Cool-admin-File%20upload%20vulnerability.md
- https://github.com/kaoniniang2/exploit/blob/main/Cool-admin-File%20upload%20vulnerability.md