File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable.
References
Link | Resource |
---|---|
https://gist.github.com/TERRENCE-REX/bfca92171143e28899bb8511f311f9ed | Third Party Advisory |
https://github.com/TERRENCE-REX/CVE/issues/1 | Exploit Third Party Advisory |
Configurations
History
08 Oct 2024, 18:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:emiloimagtolis:online_discussion_forum:1.0:*:*:*:*:*:*:* | |
First Time |
Emiloimagtolis online Discussion Forum
Emiloimagtolis |
|
References | () https://gist.github.com/TERRENCE-REX/bfca92171143e28899bb8511f311f9ed - Third Party Advisory | |
References | () https://github.com/TERRENCE-REX/CVE/issues/1 - Exploit, Third Party Advisory |
07 Oct 2024, 19:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-434 |
07 Oct 2024, 17:48
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Oct 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-04 21:15
Updated : 2024-10-08 18:16
NVD link : CVE-2024-37868
Mitre link : CVE-2024-37868
CVE.ORG link : CVE-2024-37868
JSON object : View
Products Affected
emiloimagtolis
- online_discussion_forum
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type