CVE-2024-7906 | DedeBIZ 6.3.0 Attachment Settings select_images_post.php get_mime_type upload unrestricted upload

Inserito da Angelo Barbosa | Ago 17, 2024 | CVE

A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment Settings. The manipulation of the argument upload leads to unrestricted upload.

This vulnerability was named CVE-2024-7906. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7906 | DedeBIZ 6.3.0 Attachment Settings select_images_post.php get_mime_type upload unrestricted upload

Post correlati

CVE-2024-1909 | Categorify Plugin up to 1.0.7.4 on WordPress categorifyAjaxRenameCategory cross-site request forgery

CVE-2024-0999 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi setParentalRules eTime stack-based overflow

CVE-2024-49703 | MagePeople Team Event Manager for WooCommerce Plugin up to 4.2.5 on WordPress cross site scripting

CVE-2024-22817 | FlyCMS 1.0 email_conf_updagte cross-site request forgery