CVE-2024-13138 | wangl1989 mysiteforme 1.0 LocalUploadServiceImpl upload test unrestricted upload

Posted by Angelo Barbosa | Jan 4, 2025 | CVE

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload.

This vulnerability was named CVE-2024-13138. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-13138 | wangl1989 mysiteforme 1.0 LocalUploadServiceImpl upload test unrestricted upload

Related Posts

CVE-2024-8793 | Store Exporter for WooCommerce Plugin up to 2.7.2.1 on WordPress cross site scripting

CVE-2024-47050 | Mautic up to 4.4.12/5.1.0 Page URL cross site scripting (GHSA-73gr-32wg-qhh7)

CVE-2024-35698 | YITH WooCommerce Tab Manager Plugin up to 1.35.0 on WordPress cross site scripting

CVE-2024-1388 | Yuki Plugin up to 1.3.13 on WordPress Theme Setting authorization