CVE-2024-11484 | Code4Berry Decoration Management System 1.0 User Image update_image.php productimage1 access control

A vulnerability classified as critical was found in Code4Berry Decoration Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /decoration/admin/update_image.php of the component User Image Handler. The manipulation of the argument productimage1 leads to improper access controls.

This vulnerability is known as CVE-2024-11484. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11484 | Code4Berry Decoration Management System 1.0 User Image update_image.php productimage1 access control

Related Posts

CVE-2023-42832 | Apple macOS Software Update Privilege Escalation

CVE-2024-8170 | SourceCodester Zipped Folder Manager App 1.0 /endpoint/add-folder.php folder unrestricted upload

CVE-2023-20271 | Cisco Evolved Programmable Network Manager Web-based Management Interface sql injection (cisco-sa-pi-epnm-wkZJeyeq)

CVE-2024-20446 | Cisco NX-OS 8.2(11)/9.3(9)/10.2(1)/10.2(1q) DHCPv6 Relay Agent null pointer dereference (cisco-sa-nxos-dhcp6-relay-dos-znEAA6xn)