CVE-2024-36858 | Jan 0.4.12 File /v1/app/writeFileSync unrestricted upload

Inserito da Angelo Barbosa | Giu 4, 2024 | CVE

A vulnerability, which was classified as critical, was found in Jan 0.4.12. This affects an unknown part of the file /v1/app/writeFileSync of the component File Handler. The manipulation leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2024-36858. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2024-36858 | Jan 0.4.12 File /v1/app/writeFileSync unrestricted upload

Post correlati

CVE-2024-33892 | Cosy+ prior 21.2s10/22.1s3 permission

CVE-2024-32138 | KaizenCoders Short URL Plugin up to 1.6.8 on WordPress cross site scripting

CVE-2024-25635 | alf.io prior 2.0-M4-2402 API Endpoint /admin/api/users/ unknown vulnerability (GHSA-ffr5-g3qg-gp4f)

CVE-2024-42581 | Warehouse Inventory System 2.0 delete_group.php cross-site request forgery