CVE-2024-0649
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-0649 is a newly disclosed critical vulnerability affecting ZhiHuiYun up to version 4.4.13. The issue lies in the function "download_network_image" of the file "/app/Http/Controllers/ImageController.php", in the "Search" component. An attacker can manipulate the "url" argument to cause server-side request forgery (SSRF), potentially leading to unintended server actions. The vulnerability can be exploited remotely, making it a significant security concern. The exploit for this issue has been made public, increasing the risk of attacks. The associated identifier for this vulnerability is VDB-251375.
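A defensive sketch of the check an image-download handler that accepts a "url" argument needs before it fetches anything. This is an added example, not ZhiHuiYun's code or its fix (the page does not publish either); the function names vet_image_url and fetch_image, the port policy and the sample hosts are assumptions.

```php
<?php
// Added example, not ZhiHuiYun code. Assumed policy: http/https, ports 80/443, public IPs only.
/** Returns scheme, host, port, ip for an allowed URL, or null to reject it. */
function vet_image_url(string $url, ?callable $resolver = null): ?array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) return null;
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) return null;  // no file://, gopher://, ...
    if (isset($p['user']) || isset($p['pass'])) return null;       // no user@host confusion
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (!in_array($port, [80, 443], true)) return null;            // no internal service ports
    $host = trim($p['host'], '[]');
    $literal = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $ips = $literal ? [$host] : (($resolver ?? 'gethostbynamel')($host) ?: []);
    if ($ips === []) return null;
    foreach ($ips as $ip) {   // every resolved address must be public
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) return null;
    }
    return ['scheme' => $scheme, 'host' => $host, 'port' => $port, 'ip' => $ips[0], 'literal' => $literal];
}

function fetch_image(string $url): ?string
{
    if (($t = vet_image_url($url)) === null) return null;
    $opts = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,  // a redirect would skip the vetting above
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_TIMEOUT        => 5,
    ];
    if (!$t['literal']) {  // pin the vetted address so a second DNS answer cannot differ
        $opts[CURLOPT_RESOLVE] = ["{$t['host']}:{$t['port']}:{$t['ip']}"];
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, $opts);
    $body = curl_exec($ch);
    return $body === false ? null : $body;
}

// Constructed sample inputs; DNS is stubbed so this demo runs offline.
$dns = ['images.example' => ['93.184.216.34'], 'intranet.example' => ['10.0.0.5']];
$stub = fn(string $h) => $dns[$h] ?? false;
foreach (['https://images.example/a.png', 'http://intranet.example/x', 'http://127.0.0.1/',
          'http://169.254.169.254/latest/', 'file:///etc/passwd', 'http://images.example:6379/'] as $u) {
    printf("%-34s %s\n", $u, vet_image_url($u, $stub) ? 'allow' : 'reject');
}
```

The two filter_var flags do not cover every non-public range (100.64.0.0/10, for example), so add explicit CIDR checks for any further ranges your network uses internally.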