CVE-2024-32491 | Znuny up to 7.0.16 DB.pm FormIDAddFile Filename unrestricted upload (ZSA-2024-01)

Inserito da Angelo Barbosa | Apr 27, 2024 | CVE

A vulnerability, which was classified as critical, was found in Znuny up to 7.0.16. This affects the function FormIDAddFile of the file Kernel/System/Web/UploadCache/DB.pm. The manipulation of the argument Filename leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2024-32491. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-32491 | Znuny up to 7.0.16 DB.pm FormIDAddFile Filename unrestricted upload (ZSA-2024-01)

Post correlati

CVE-2024-7262 | Kingsoft WPS Office up to 12.2.0.13489 on Windows Hyperlink promecefpluginhost.exe path traversal

CVE-2024-10002 | Rover IDX Plugin up to 3.0.0.2905 on WordPress improper authentication

CVE-2024-8214 | D-Link DNS-1550-04 up to 20240814 /cgi-bin/hd_config.cgi cgi_FMT_Std2R5_2nd_DiskMGR f_source_dev command injection (SAP10383)

CVE-2023-4960 | WCFM Marketplace Plugin up to 3.6.2 on WordPress Shortcode cross site scripting