CVE-2024-7742 | wanglongcn ltcms 1.0.20 API Endpoint /api/file/multiDownload file server-side request forgery

A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery.

This vulnerability is traded as CVE-2024-7742. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7742 | wanglongcn ltcms 1.0.20 API Endpoint /api/file/multiDownload file server-side request forgery

Post correlati

CVE-2023-52597 | Linux Kernel up to 6.7.3 s390 kvm_arch_vcpu_ioctl_set_fpu memory corruption

CVE-2024-41519 | Feripro up to 2.2.3 veranstaltungen school cross site scripting

CVE-2024-5479 | JEVNET Easy Pixels Plugin up to 2.13 on WordPress cross site scripting

CVE-2023-52527 | Linux Kernel up to 6.5.6 net/ipv6/ip6_output.c _append_data buffer overflow