CVE-2024-1750 | TemmokuMVC up to 2.3 Image Download lib/images_get_down.php get_img_url/img_replace deserialization

Posted by Angelo Barbosa | Feb 22, 2024 | CVE

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization.

This vulnerability is traded as CVE-2024-1750. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-1750 | TemmokuMVC up to 2.3 Image Download lib/images_get_down.php get_img_url/img_replace deserialization

Related Posts

CVE-2024-34542 | Advantech ADAM-5630 up to 2.5.1 weak encoding for password (icsa-24-270-02)

CVE-2023-52482 | Linux Kernel up to 5.15.133/6.1.55/6.5.5 on x86 srso stack-based overflow

CVE-2024-42991 | MCMS 5.4.1 unrestricted upload

CVE-2024-31136 | JetBrains TeamCity prior 2024.03 2FA improper validation of consistency within input