Arbitrary File Upload Flaw in WonderCMS Affects User Security
CVE-2024-41304

5.4 MEDIUM

Key Information:

Vendor: WonderCMS

Status
Vendor
CVE Published: 30 July 2024

What is CVE-2024-41304?

An arbitrary file upload vulnerability exists in the uploadFileAction() function of WonderCMS version 3.4.3. This flaw allows attackers to upload specially crafted SVG files that can lead to the execution of arbitrary code on the server. By exploiting this vulnerability, an attacker can potentially compromise the integrity and security of the application, making it crucial for users to apply appropriate security measures and patches.


CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
