{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:16:13.907","vulnerabilities":[{"cve":{"id":"CVE-2024-3123","sourceIdentifier":"twcert@cert.org.tw","published":"2024-07-01T05:15:04.973","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands."},{"lang":"es","value":"CHANGING la función de carga de Mobile One Time Password en una página oculta no filtra el tipo de archivo correctamente. Los atacantes remotos con privilegios de administrador pueden aprovechar esta vulnerabilidad para cargar y ejecutar archivos maliciosos para ejecutar comandos del sistema."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}