Remote Code Execution Vulnerability in osuuu LightPicture
CVE-2024-1920

8.1HIGH

Key Information:

Vendor: Osuuu

CVE Published: 27 February 2024

Badges: 👾 Exploit Exists

What is CVE-2024-1920?

A serious vulnerability exists in osuuu LightPicture, specifically in the TokenVerify.php file, in versions up to and including 1.2.2. The issue arises from a hard-coded cryptographic key in the application logic, which undermines the integrity of the token verification that key is meant to protect. Attackers can exploit this vulnerability remotely, potentially leading to unauthorized access or execution of arbitrary code. Although the attack complexity is rated high, the vulnerability poses significant risk to users if left unaddressed. Organizations using osuuu LightPicture should prioritize security updates and implement appropriate measures to mitigate this threat.

Affected Version(s)

LightPicture 1.2.0

LightPicture 1.2.1

LightPicture 1.2.2

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved

Credit

glzjin (VulDB User)