CVE-2024-4927 | SourceCodester Simple Online Bidding System 1.0 ajax.php unrestricted upload

Posted by Angelo Barbosa | May 15, 2024 | CVE

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=save_product. The manipulation leads to unrestricted upload.

This vulnerability is known as CVE-2024-4927. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-4927 | SourceCodester Simple Online Bidding System 1.0 ajax.php unrestricted upload

Related Posts

CVE-2024-29021 | Judge0 up to 1.13.0 API server-side request forgery

CVE-2024-30234 | Wholesale Team WholesaleX Plugin up to 1.3.1 on WordPress authorization

CVE-2024-5201 | OpenText Dimensions RM up to 12.11.1.2/12.11.2.5 HTTP Request Privilege Escalation

CVE-2024-30110 | HCL DRYiCE AEX 10 information disclosure (KB0114193)