CVE-2024-9855 | 07FLYCMS/07FLY-CMS/07FlyCRM 1.3.8 Module Plug-In sysmodule_1 uploadFile file unrestricted upload

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload.

This vulnerability is known as CVE-2024-9855. The attack can be launched remotely. Furthermore, there is an exploit available.

The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

CVE-2024-9855 | 07FLYCMS/07FLY-CMS/07FlyCRM 1.3.8 Module Plug-In sysmodule_1 uploadFile file unrestricted upload

Post correlati

CVE-2024-22919 | SWFTools 0.9.2 swftools/src/swfc.c parseExpression buffer overflow (Issue 209)

CVE-2024-6192 | itsourcecode Loan Management System 1.0 Login Page login.php username sql injection

CVE-2024-5403 | Askey 5G NR Small Cell 2.1 V6 os command injection

CVE-2024-7963 | CMSMasters Content Composer Plugin up to 1.8.8 on WordPress Shortcode cross site scripting