CVE-2024-3117 | YouDianCMS up to 9.5.12 ChannelAction.class.php file unrestricted upload

Posted by Angelo Barbosa | Mar 30, 2024 | CVE

A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file AppLibActionAdminChannelAction.class.php. The manipulation of the argument file leads to unrestricted upload.

This vulnerability was named CVE-2024-3117. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-3117 | YouDianCMS up to 9.5.12 ChannelAction.class.php file unrestricted upload

Related Posts

CVE-2023-22650 | SUSE Rancher up to 2.7.13/2.8.4 improper authentication

CVE-2024-33023 | Qualcomm Snapdragon Auto up to XR2 5G Platform Fence use after free

CVE-2024-6162 | Red Hat Undertow ajp-listener denial of service

CVE-2024-4389 | averta Slider & Popup Builder Plugin up to 3.1.1 on WordPress uploadFile unrestricted upload