Unrestricted File Upload Vulnerability in SourceCodester Online Discussion Forum Site
CVE-2024-4920
9.8 CRITICAL
Summary
SourceCodester Online Discussion Forum Site version 1.0 contains an unrestricted file upload vulnerability caused by improper handling of user input in the registerH.php script. Because uploaded files are accepted without adequate validation checks, a remote attacker can upload a malicious file and execute arbitrary code. The issue has been made publicly known, so it poses a significant risk to users and administrators, who are advised to apply the necessary security measures immediately to mitigate the potential for exploitation.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published