CVE-2024-51991 | October CMS up to 3.7.4 SVG File Parser unrestricted upload (GHSA-96hh-8hx5-cpw7)

Inserito da Angelo Barbosa | Mag 5, 2025 | CVE

A vulnerability was found in October CMS up to 3.7.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SVG File Parser. The manipulation leads to unrestricted upload.

This vulnerability is known as CVE-2024-51991. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-51991 | October CMS up to 3.7.4 SVG File Parser unrestricted upload (GHSA-96hh-8hx5-cpw7)

Post correlati

CVE-2024-27381 | Samsung Exynos 1330 slsi_send_action_frame_ut heap-based overflow

CVE-2018-25106 | webuidesigning NebulaX Theme up to 5.0 on WordPress libs/Legacy/Legacy.php nebula_send_to_hubspot sql injection

CVE-2024-27561 | WonderCMS 3.1.3 installUpdateThemePluginAction installThemePlugin server-side request forgery

CVE-2024-9184 | SendPulse Free Web Push Plugin up to 1.3.6 on WordPress cross site scripting