File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable
References
Link | Resource |
---|---|
https://gist.github.com/TERRENCE-REX/7e5dfdd3583bf9fd81196f557a8b8879 | Third Party Advisory |
https://github.com/TERRENCE-REX/CVE/issues/2 | Exploit Third Party Advisory |
Configurations
History
08 Oct 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:emiloimagtolis:online_discussion_forum:1.0:*:*:*:*:*:*:* | |
References | () https://gist.github.com/TERRENCE-REX/7e5dfdd3583bf9fd81196f557a8b8879 - Third Party Advisory | |
References | () https://github.com/TERRENCE-REX/CVE/issues/2 - Exploit, Third Party Advisory | |
First Time |
Emiloimagtolis online Discussion Forum
Emiloimagtolis |
07 Oct 2024, 19:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-434 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
07 Oct 2024, 17:48
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Oct 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-04 21:15
Updated : 2024-10-08 18:15
NVD link : CVE-2024-37869
Mitre link : CVE-2024-37869
CVE.ORG link : CVE-2024-37869
JSON object : View
Products Affected
emiloimagtolis
- online_discussion_forum
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type