CVE-2024-7906 | DedeBIZ 6.3.0 Attachment Settings select_images_post.php get_mime_type upload unrestricted upload

Posted by Angelo Barbosa | Aug 17, 2024 | CVE

A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment Settings. The manipulation of the argument upload leads to unrestricted upload.

This vulnerability was named CVE-2024-7906. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7906 | DedeBIZ 6.3.0 Attachment Settings select_images_post.php get_mime_type upload unrestricted upload

Related Posts

CVE-2024-23539 | Apache Fineract up to 1.8.4 sql injection

CVE-2024-5744 | WP-FeedStats wp-eMember Plugin up to 10.6.6 on WordPress Attribute $_SERVER[‘REQUEST_URI’] cross site scripting

CVE-2024-3490 | WP Recipe Maker Plugin up to 9.3.1 on WordPress Shortcode wprm-recipe-roundup-item cross site scripting

CVE-2024-42031 | Huawei HarmonyOS/EMUI Settings Module access control