Unrestricted File Upload Vulnerability in Picsmize by Softpulse Infotech
CVE-2024-52380

10CRITICAL

Key Information:

Vendor: WordPress
Status: Picsmize
Vendor: CVE Published:; 14 November 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-52380?

The vulnerability in Picsmize from Softpulse Infotech allows attackers to upload potentially malicious files, including web shells, to the server without strict validation. This presents significant security risks as an attacker can exploit this flaw to execute unauthorized commands and potentially gain control over the affected web server. It is crucial for users to ensure that they are running the latest versions of the product and implement additional security measures to mitigate this risk.

Affected Version(s)

Picsmize 0 <= 1.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-52380
Created by RandomRobbieBF

References

https://patchstack.com/database/Wordpress/Plugin/picsmize...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 25, 2024
👾
Exploit known to exist
Nov 25, 2024
Vulnerability published
Nov 14, 2024

CVE-2024-52380 Data

JSON

WordPress

Badges

What is CVE-2024-52380?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline