Unrestricted Upload Vulnerability in osuuu LightPicture Application
CVE-2024-1921

9.8CRITICAL

Key Information:

Vendor: Osuuu
Status: Lightpicture
Vendor: CVE Published:; 27 February 2024

Badges

👾 Exploit Exists

What is CVE-2024-1921?

A significant vulnerability exists within the osuuu LightPicture application that allows for unrestricted file uploads. This flaw originates from an unprotected function in the Setup.php file, potentially permitting malicious users to upload arbitrary files to the server. The vulnerability can be exploited remotely, posing a serious risk to application integrity and data security. Public disclosure of the exploit has increased the urgency for affected users to implement immediate remediation measures. It is crucial for organizations utilizing LightPicture versions up to 1.2.2 to review their security protocols and apply necessary updates or restrictions to safeguard against potential attacks.

Affected Version(s)

LightPicture 1.2.0

LightPicture 1.2.1

LightPicture 1.2.2

References

https://vuldb.com/?id.254856

vdb-entry

https://vuldb.com/?ctiid.254856

signaturepermissions-required

https://note.zhaoj.in/share/FeCRflSHPLbj

broken-linkexploit

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 27, 2024
Vulnerability published
Feb 27, 2024
Vulnerability Reserved
Feb 27, 2024

Credit

glzjin (VulDB User)

CVE-2024-1921 Data

JSON

Osuuu

Badges

What is CVE-2024-1921?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit