CVE-2026-34429 in Vvveb정보

요약

\~에 의해 MITRE • 2026. 04. 20.

Vvveb prior to 1.0.8.1 contains a stored cross-site scripting vulnerability that allows authenticated users with media upload and rename permissions to execute arbitrary JavaScript by bypassing MIME type validation and renaming uploaded files to executable extensions. Attackers can prepend a GIF89a header to HTML/JavaScript payloads to bypass upload validation, rename the file to .html extension, and execute malicious scripts in an administrator's browser session to create backdoor accounts and upload malicious plugins for remote code execution.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

VulnCheck

예약하다

2026. 03. 27.

공개

2026. 04. 20.

모더레이션

수락

항목

VDB-358310

CPE

준비됨

CWE

CWE-79 (확인됨)

CVSS

5.4 (CNA)

EPSS

0.00051

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-34429
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-34429
CVE Details	https://www.cvedetails.com/cve/CVE-2026-34429/

◂ 이전 개요 다음 ▸

Interested in the pricing of exploits?

See the underground prices here!