CVE-2024-47919 - Vulnerability Details - OpenCVE

Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00432.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-42517	Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Fixes

Solution

Upgrade to version 28 or later

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

Mon, 30 Dec 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 30 Dec 2024 10:00:00 +0000

Type	Values Removed	Values Added
Description		Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Title		Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Weaknesses		CWE-78
References		https://www.gov.il/en/Departments/faq/cve_advisories
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2024-12-30T09:43:39.028Z

Updated: 2024-12-30T16:14:07.584Z

Reserved: 2024-10-06T07:19:12.343Z

Link: CVE-2024-47919

Vulnrichment

Updated: 2024-12-30T16:14:03.837Z

NVD

Status : Received

Published: 2024-12-30T10:15:06.377

Modified: 2024-12-30T10:15:06.377

Link: CVE-2024-47919

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-78

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47919", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "state": "PUBLISHED", "assignerShortName": "INCD", "dateReserved": "2024-10-06T07:19:12.343Z", "datePublished": "2024-12-30T09:43:39.028Z", "dateUpdated": "2024-12-30T16:14:07.584Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CMS", "vendor": "Tiki Wiki", "versions": [{"lessThan": "version 28.", "status": "affected", "version": "All versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Aviv Vinograzki - Peer Security LTD"}], "datePublic": "2024-12-30T09:38:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</p>"}], "value": "Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-12-30T09:43:39.028Z"}, "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to version 28 or later</span></span><br>"}], "value": "Upgrade to version 28 or later"}], "source": {"advisory": "ILVN-2024-0212", "discovery": "UNKNOWN"}, "title": "Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-30T16:12:44.096060Z", "id": "CVE-2024-47919", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-30T16:14:07.584Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47919", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-30T16:12:44.096060Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-30T16:14:03.837Z"}}], "cna": {"title": "Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "source": {"advisory": "ILVN-2024-0212", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Aviv Vinograzki - Peer Security LTD"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Tiki Wiki", "product": "CMS", "versions": [{"status": "affected", "version": "All versions", "lessThan": "version 28.", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 28 or later", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to version 28 or later</span></span><br>", "base64": false}]}], "datePublic": "2024-12-30T09:38:00.000Z", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "supportingMedia": [{"type": "text/html", "value": "<p>Tiki Wiki CMS \u2013 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2024-12-30T09:43:39.028Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47919", "state": "PUBLISHED", "dateUpdated": "2024-12-30T16:14:07.584Z", "dateReserved": "2024-10-06T07:19:12.343Z", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "datePublished": "2024-12-30T09:43:39.028Z", "assignerShortName": "INCD"}, "dataVersion": "5.1"}