CVE-2024-3436 | SourceCodester Prison Management System 1.0 Avatar /Admin/edit-photo.php avatar unrestricted upload

Inserito da Angelo Barbosa | Apr 7, 2024 | CVE

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload.

This vulnerability was named CVE-2024-3436. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-3436 | SourceCodester Prison Management System 1.0 Avatar /Admin/edit-photo.php avatar unrestricted upload

Post correlati

CVE-2023-33327 | Teplitsa of Social Technologies Leyka Plugin up to 3.30.2 on WordPress privileges management

CVE-2024-6770 | Lifetime Free Drag & Drop Contact Form Builder for VForm Plugin cross site scripting

CVE-2024-5785 | Comtrend WLD71-T1 GRG-4280us POST Request formUserTracert os command injection

CVE-2024-45232 | Powermail EExtension up to 12.3.5 on TYPO3 confirmationAction resource injection