Unrestricted Upload of File with Dangerous Type vulnerability
CVE-2024-34411

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: Canvasio3d Light
Vendor: CVE Published:; 14 May 2024

Summary

An unrestricted file upload vulnerability exists in canvasio3D Light, which allows attackers to upload files of dangerous types without proper validation. This flaw may lead to unauthorized access and execution of harmful scripts, compromising the security of the affected system. Users of canvasio3D Light are urged to implement the latest updates to mitigate any potential risks associated with this issue.

Affected Version(s)

canvasio3D Light <= 2.5.0

References

https://patchstack.com/database/vulnerability/canvasio3d-...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
May 3, 2024

Credit

stealthcopter (Patchstack Alliance)