A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been classified as critical. This affects an unknown part of the file app/Core/Http/Controllers/Profile/ImagesController.php of the component Avatar Upload Page. The manipulation of the argument avatar leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2024-6945. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.