CVE-2024-6950 | Prain up to 1.3.0 HTTP POST Request /?import file code injection

Posted by Angelo Barbosa | Jul 20, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Prain up to 1.3.0. Affected by this issue is some unknown functionality of the file /?import of the component HTTP POST Request Handler. The manipulation of the argument file leads to code injection.

This vulnerability is handled as CVE-2024-6950. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2024-6950 | Prain up to 1.3.0 HTTP POST Request /?import file code injection

Related Posts

CVE-2023-51521 | ExpressTech Quiz and Survey Master Plugin up to 8.1.18 on WordPress cross-site request forgery

CVE-2024-26648 | Linux Kernel up to 6.6.14/6.7.2 display edp_setup_replay null pointer dereference (22ae604aea14/c02d257c6541/7073934f5d73)

CVE-2024-4879 | ServiceNow Now Platform improper validation of specified type of input (KB1645154)

CVE-2023-50835 | Praveen Goswami Advanced Category Template Plugin up to 0.1 on WordPress cross-site request forgery