Arbitrary Code Execution Vulnerability in Online Discussion Forum Project
CVE-2024-37868
8.8HIGH
What is CVE-2024-37868?
A vulnerability exists in the Itsourcecode Online Discussion Forum Project version 1.0, allowing remote attackers to exploit a file upload mechanism through the sendreply.php file. By leveraging the improper handling of uploaded files via the $FILES variable, attackers can execute arbitrary code on the server. This flaw poses a significant threat, enabling unauthorized access and manipulation of server resources, warranting immediate attention and remediation.