CVE-2024-0649

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 17, 2024
Updated: May 17, 2024
CWE ID 918

Summary

CVE-2024-0649 is a newly disclosed critical vulnerability affecting ZhiHuiYun up to version 4.4.13. The flaw is in the function "download_network_image" in the file "/app/Http/Controllers/ImageController.php", part of the "Search" component. By manipulating the "url" argument, an attacker can trigger server-side request forgery (SSRF), potentially causing the server to make requests it was never intended to make. The vulnerability can be exploited remotely, and the exploit has been made public, which increases the risk of attacks. The associated identifier for this vulnerability is VDB-251375.
