A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload.
This vulnerability is known as CVE-2024-9855. The attack can be launched remotely. Furthermore, there is an exploit available.
The affected product is known under different names, such as 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE because the vendor's mail address was not working.
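A log check for the endpoint named above, as an added example that is not part of the original advisory: it scans web access logs for POST requests to the upload path so that exposure can be reviewed. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint named in the advisory for CVE-2024-9855 (compared in lowercase).
UPLOAD_ENDPOINT = "/admin/sysmodule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1"

# Common/combined access-log format (assumed; adjust for your web server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise_path(target):
    """Drop the query string, decode percent-escapes, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower().rstrip("/")

def find_upload_hits(lines):
    """Return one dict per POST request to the advisory's upload endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalise_path(m["target"]) != UPLOAD_ENDPOINT:
            continue
        # A 2xx status means the server processed the request; it does not
        # by itself prove that a file was stored.
        hits.append({"ip": m["ip"], "time": m["ts"],
                     "status": int(m["status"]),
                     "ok_2xx": m["status"].startswith("2")})
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2024:13:55:36 +0000] "POST /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 HTTP/1.1" 200 58',
    '198.51.100.7 - - [10/Oct/2024:13:55:40 +0000] "POST /admin//SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule%5F1?x=1 HTTP/1.1" 403 12',
    '203.0.113.9 - - [10/Oct/2024:14:01:02 +0000] "GET /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 HTTP/1.1" 200 301',
    '203.0.113.9 - - [10/Oct/2024:14:02:11 +0000] "POST /admin/login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in find_upload_hits(SAMPLE_LOG):
        print(hit)
```

Hits with a 2xx status are the ones to correlate with new files on disk and with the source addresses seen in the admin area.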