CVE-2024-8296 | FeehiCMS up to 2.1.1 index.php insert User[avatar] unrestricted upload

Inserito da Angelo Barbosa | Ago 29, 2024 | CVE

A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload.

The identification of this vulnerability is CVE-2024-8296. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-8296 | FeehiCMS up to 2.1.1 index.php insert User[avatar] unrestricted upload

Post correlati

CVE-2024-8563 | SourceCodester PHP CRUD 1.0 /endpoint/update.php first_name/middle_name/last_name cross site scripting

CVE-2023-22656 | Intel Media SDK/oneVPL prior 23.3.5 out-of-bounds (intel-sa-00935)

CVE-2024-4593 | DedeCMS 5.7 sys_multiserv.php cross-site request forgery

CVE-2024-25214 | Employee Managment System 1.0 /alogin.html Password improper authentication