File Upload Vulnerability in Online Discussion Forum Project v.1.0 Allows Remote Code Execution
CVE-2024-37869
8.8 HIGH
Summary
A vulnerability in the Itsourcecode Online Discussion Forum Project version 1.0 permits remote attackers to execute arbitrary code by exploiting improper validation in the 'poster.php' file. The flaw is triggered when an attacker uploads a malicious file through the '$_FILES' variable, bypassing security measures. Successful exploitation could let an attacker take control of the affected system, raising the risk of further malicious activity.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published