CVE-2024-6647 | Croogo up to 4.0.7 Setting Theme Content-Type unrestricted upload

A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument Content-Type leads to unrestricted upload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is uniquely identified as CVE-2024-6647. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2024-6647 | Croogo up to 4.0.7 Setting Theme Content-Type unrestricted upload

Post correlati

CVE-2024-7420 | Insert PHP Code Snippet Plugin up to 1.3.6 on WordPress cross-site request forgery

CVE-2024-9576 | Linux Workbooth 2.5 Network Configuration Script access control

CVE-2024-30398 | Juniper Junos OS up to 23.2R1-S2 Packet Forwarding Engine memory corruption (JSA79176)

CVE-2024-7304 | Ninja Tables Plugin up to 5.0.12 on WordPress SVG File Upload cross site scripting