CVE-2024-1750 | TemmokuMVC up to 2.3 Image Download lib/images_get_down.php get_img_url/img_replace deserialization

Posted by Angelo Barbosa | Feb 22, 2024 | CVE

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization.

This vulnerability is traded as CVE-2024-1750. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-1750 | TemmokuMVC up to 2.3 Image Download lib/images_get_down.php get_img_url/img_replace deserialization

Related Posts

CVE-2024-9125 | king_IE Plugin up to 1.0 on WordPress SVG File Upload cross site scripting

CVE-2024-33302 | SourceCodester Product Show Room up to 1.0 Add Users Middle Name cross site scripting

CVE-2024-50206 | Linux Kernel up to 6.11.5 mtk_eth_soc memory corruption (68cd084e3ec1/88806efc034a)

CVE-2024-50090 | Linux Kernel up to 6.11.3 drm xe_bb_create_job buffer overflow (bcb5be342170/6c10ba06bb1b)