CVE-2024-9903 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.2.0 /admin/File/fileUpload file unrestricted upload

A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2024-9903. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

CVE-2024-9903 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.2.0 /admin/File/fileUpload file unrestricted upload

Post correlati

CVE-2023-6636 | Greenshift Plugin up to 7.6.2 on WordPress unrestricted upload

CVE-2023-52701 | Linux Kernel up to 6.1.12 Kernel Memory sock_recv_mark buffer overflow (863a7de987f0/2558b8039d05)

CVE-2024-24686 | libigl 2.5.0 readOFF stack-based overflow (TALOS-2024-1929)

CVE-2024-27233 | Google Android ppcfw.c ppcfw_init_secpolicy uninitialized pointer