Unrestricted Upload of File with Dangerous Type vulnerability
CVE-2024-34411

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: Canvasio3d Light
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-34411?

An unrestricted file upload vulnerability exists in canvasio3D Light, which allows attackers to upload files of dangerous types without proper validation. This flaw may lead to unauthorized access and execution of harmful scripts, compromising the security of the affected system. Users of canvasio3D Light are urged to implement the latest updates to mitigate any potential risks associated with this issue.

Affected Version(s)

canvasio3D Light <= 2.5.0

References

https://patchstack.com/database/vulnerability/canvasio3d-...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
May 3, 2024

Credit

stealthcopter (Patchstack Alliance)

WordPress

What is CVE-2024-34411?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit