Improper Access Control Vulnerability in Code4Berry Decoration Management System
CVE-2024-11484
6.3MEDIUM
What is CVE-2024-11484?
A severe vulnerability has been identified in the Code4Berry Decoration Management System, specifically within the User Image Handler component located at /decoration/admin/update_image.php. This vulnerability arises from improper access controls which allow an attacker to manipulate the argument productimage1. Such an exploitation can be executed remotely, posing a significant security threat to users. The flaw has been publicly disclosed, raising alarms for potential exploitation. Despite early notifications to the vendor, there has been no response regarding the mitigation or rectification of this issue.
Affected Version(s)
Decoration Management System 1.0
