File Upload Vulnerability in Online Discussion Forum Project v.1.0 Allows Remote Code Execution
CVE-2024-37869

8.8HIGH

Key Information:

Vendor: Itsourcecode
Status: Online Discussion Forum
Vendor: CVE Published:; 4 October 2024

🔔 Create Itsourcecode Vulnerability Alert

What is CVE-2024-37869?

A vulnerability has been identified within the Itsourcecode Online Discussion Forum Project version 1.0 that permits remote attackers to execute arbitrary code by exploiting improper validation in the 'poster.php' file. This occurs when an attacker uploads a malicious file using the '$_FILES' variable, bypassing security measures. Successful exploitation could enable an attacker to take control of the affected system, heightening the risk of further malicious activities.

References

https://github.com/TERRENCE-REX/CVE/issues/2

https://gist.github.com/TERRENCE-REX/7e5dfdd3583bf9fd8119...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2024