Arbitrary File Upload Flaw in WonderCMS Affects User Security
CVE-2024-41304

Currently unrated

Key Information:

Vendor: WonderCMS
Status: WonderCMS
Vendor: CVE Published:; 30 July 2024

What is CVE-2024-41304?

An arbitrary file upload vulnerability exists in the uploadFileAction() function of WonderCMS version 3.4.3. This flaw allows attackers to upload specially crafted SVG files that can lead to the execution of arbitrary code on the server. By exploiting this vulnerability, an attacker can potentially compromise the integrity and security of the application, making it crucial for users to apply appropriate security measures and patches.

References

https://github.com/patrickdeanramos/WonderCMS-version-3.4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2024