CVE-2024-9904 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.2.0 pictureUpload file unrestricted upload

A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload.

This vulnerability was named CVE-2024-9904. The attack can be initiated remotely. Furthermore, there is an exploit available.

The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

CVE-2024-9904 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.2.0 pictureUpload file unrestricted upload

Related Posts

CVE-2024-29959 | Brocade SANnav up to 2.3.0 Standby Node Support Save log file

CVE-2024-20496 | Cisco SD-WAN vEdge Cloud/SD-WAN vEdge Router up to 20.9.3.1 UDP Packet out-of-bounds write (cisco-sa-sdw-vedos-KqFfhps3)

CVE-2022-29966 | Emerson Ovation up to 3.8.0 FP1 missing authentication (icsa-24-158-02)

CVE-2024-4375 | Master Slider Plugin up to 3.9.10 on WordPress Shortcode ms_layer cross site scripting