Vulnerabilities > CVE-2024-2599 - Unspecified vulnerability in Amss++ Project Amss++ 4.31

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

amss-project

NVD

Published: 2024-03-18

Updated: 2025-04-17

Summary

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.

Vulnerable Configurations

Part	Description	Count
Application	Amss\+\+_Project Amss++ Project Amss++ 4.31	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss