Unrestricted File Upload Vulnerability in DedeBIZ 6.3.0
CVE-2024-7904
Key Information:
Badges
What is CVE-2024-7904?
A vulnerability exists in DedeBIZ version 6.3.0, specifically within the file admin/file_manage_control.php, which operates as a file extension handler. This flaw allows for unrestricted file uploads through the manipulation of the upfile1 argument. Such vulnerabilities can enable attackers to upload malicious files remotely, leading to potential exploitation of the system. Given the nature of unrestricted uploads, this can facilitate various attack vectors, including remote code execution or unauthorized access to sensitive files. The issue has been publicly disclosed, raising urgent concerns for affected users and organizations. Despite evaluating the risk, the vendor has not issued a response to the disclosure, making it imperative for users to seek mitigation strategies promptly.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
DedeBIZ 6.3.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved