CVE-2024-2561 | 74CMS 3.28.0 Company Logo Index.php#sendCompanyLogo imgBase64 unrestricted upload

Posted by Angelo Barbosa | Mar 16, 2024 | CVE

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload.

This vulnerability is handled as CVE-2024-2561. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2024-2561 | 74CMS 3.28.0 Company Logo Index.php#sendCompanyLogo imgBase64 unrestricted upload

Related Posts

CVE-2024-23829 | aio-libs aiohttp up to 3.9.1 HTTP Parser request smuggling (GHSA-8qpw-xqxj-h4r2)

CVE-2024-5096 | Hipcam Device up to 20240511 MAC Address /log/wifi.mac information disclosure

CVE-2024-1737 | ISC BIND 9 up to 9.19.24 RR resource consumption

CVE-2023-7235 | OpenVPN up to 2.6.8 on Windows GUI Installation default permission