CVE-2024-9278 | HuankeMao SCRM up to 0.0.3 Administrator Backend WxkConfig.php upload_domain_verification_file unrestricted upload

Inserito da Angelo Barbosa | Set 27, 2024 | CVE

A vulnerability, which was classified as critical, has been found in HuankeMao SCRM up to 0.0.3. Affected by this issue is the function upload_domain_verification_file of the file WxkConfig.php of the component Administrator Backend. The manipulation of the argument domain_verification_file leads to unrestricted upload.

This vulnerability is handled as CVE-2024-9278. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2024-9278 | HuankeMao SCRM up to 0.0.3 Administrator Backend WxkConfig.php upload_domain_verification_file unrestricted upload

Post correlati

CVE-2023-51958 | Tenda AX1803 1.0.0.1 formGetIptv port stack-based overflow

VDB-269939 | Google Cloud Storage XML API/Cloud IAM HMAC Key insufficient logging

CVE-2024-32166 | Webid 1.2.1 Buy Now resource injection

CVE-2023-6051 | GitLab Community Edition/Enterprise Edition prior 16.4.4/16.5.4/16.6.2 Installation Package code injection (Issue 431345)