Unrestricted File Upload Vulnerability in itsourcecode Alton Management System
CVE-2024-7277

7.2HIGH

Key Information:

Vendor
Itsourcecode
Status
Alton Management System
Vendor
CVE Published:
31 July 2024

Summary

The Alton Management System 1.0 by itsourcecode contains a vulnerability in the Add a Menu component, specifically within the /admin/menu.php file. This flaw allows for the manipulation of the 'image' argument, resulting in unrestricted file uploads. Attackers may remotely exploit this vulnerability, leading to potential unauthorized access to the system or execution of malicious files. Given that details of the exploit have been publicly disclosed, organizations using this software should take prompt action to secure their installations.

References

https://vuldb.com/?id.273146
https://vuldb.com/?ctiid.273146
https://vuldb.com/?submit.381095

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-7277 : Unrestricted File Upload Vulnerability in itsourcecode Alton Management System | SecurityVulnerability.io