CVE-2024-7506

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273649 was assigned to this vulnerability.
References
Link Resource
https://github.com/CveSecLook/cve/issues/57 Exploit Third Party Advisory
https://vuldb.com/?ctiid.273649 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.273649 Third Party Advisory VDB Entry
https://vuldb.com/?submit.386053 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:angeljudesuarez:tailoring_management_system:1.0:*:*:*:*:*:*:*

History

11 Sep 2024, 20:02

Type Values Removed Values Added
First Time Angeljudesuarez tailoring Management System
Angeljudesuarez
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 8.8
CPE cpe:2.3:a:angeljudesuarez:tailoring_management_system:1.0:*:*:*:*:*:*:*
References () https://github.com/CveSecLook/cve/issues/57 - () https://github.com/CveSecLook/cve/issues/57 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.273649 - () https://vuldb.com/?ctiid.273649 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.273649 - () https://vuldb.com/?id.273649 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.386053 - () https://vuldb.com/?submit.386053 - Third Party Advisory, VDB Entry

06 Aug 2024, 16:30

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad ha sido encontrada en el código fuente Tailoring Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /setlogo.php es afectada por esta vulnerabilidad. La manipulación del argumento bgimg conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-273649.

06 Aug 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 05:15

Updated : 2024-09-11 20:02


NVD link : CVE-2024-7506

Mitre link : CVE-2024-7506

CVE.ORG link : CVE-2024-7506


JSON object : View

Products Affected

angeljudesuarez

  • tailoring_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type