Arbitrary Code Execution Vulnerability in Online Discussion Forum Project
CVE-2024-37868

8.8HIGH

Key Information:

Vendor
Itsourcecode
Status
Online Discussion Forum
Vendor
CVE Published:
4 October 2024

Summary

A vulnerability exists in the Itsourcecode Online Discussion Forum Project version 1.0, allowing remote attackers to exploit a file upload mechanism through the sendreply.php file. By leveraging the improper handling of uploaded files via the $FILES variable, attackers can execute arbitrary code on the server. This flaw poses a significant threat, enabling unauthorized access and manipulation of server resources, warranting immediate attention and remediation.

References

https://github.com/TERRENCE-REX/CVE/issues/1
https://gist.github.com/TERRENCE-REX/bfca92171143e28899bb...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-37868 : Arbitrary Code Execution Vulnerability in Online Discussion Forum Project | SecurityVulnerability.io