CVE-2024-37868

File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:emiloimagtolis:online_discussion_forum:1.0:*:*:*:*:*:*:*

History

08 Oct 2024, 18:16

Type Values Removed Values Added
First Time Emiloimagtolis online Discussion Forum
Emiloimagtolis
CPE cpe:2.3:a:emiloimagtolis:online_discussion_forum:1.0:*:*:*:*:*:*:*
References () https://gist.github.com/TERRENCE-REX/bfca92171143e28899bb8511f311f9ed - () https://gist.github.com/TERRENCE-REX/bfca92171143e28899bb8511f311f9ed - Third Party Advisory
References () https://github.com/TERRENCE-REX/CVE/issues/1 - () https://github.com/TERRENCE-REX/CVE/issues/1 - Exploit, Third Party Advisory

07 Oct 2024, 19:37

Type Values Removed Values Added
CWE CWE-434
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

07 Oct 2024, 17:48

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de carga de archivos en Itsourcecode Online Discussion Forum Project v.1.0 permite a un atacante remoto ejecutar código arbitrario a través del archivo "sendreply.php", y el archivo cargado se recibió utilizando la variable "$- FILES".

04 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-04 21:15

Updated : 2024-10-08 18:16


NVD link : CVE-2024-37868

Mitre link : CVE-2024-37868

CVE.ORG link : CVE-2024-37868


JSON object : View

Products Affected

emiloimagtolis

  • online_discussion_forum
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type