Fujian mwcms vulnerability: Unrestricted upload exploit publicly disclosed
CVE-2024-7705
Key Information:
Badges
What is CVE-2024-7705?
A security flaw exists in the Fujian mwcms version 1.0.0, specifically in the image upload functionality provided by the uploadeditor component. This vulnerability arises from the improper handling of user-supplied input in the upload editor interface, located at /uploadeditor.html?action=uploadimage. By manipulating the upload request, an attacker can upload potentially malicious files to the server without appropriate restrictions in place. This can lead to various risks including arbitrary code execution, data theft, and full server compromise. The vulnerability has recently been made public, and details have been disclosed that could allow attackers to exploit this weakness remotely, further emphasizing the urgency of addressing this security issue.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
mwcms 1.0.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published