CVE-2024-10765

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 4, 2024
Updated: Nov 6, 2024
CWE ID 434
CWE ID 284
CWE ID 266

Summary

CVE-2024-10765 is a critical vulnerability identified in Codezips Online Institute Management System versions up to 1.0. The issue lies within the /profile.php file, where an argument named old_image can be manipulated for unrestricted file uploads. This vulnerability allows remote attackers to exploit the system, and the exploit has been made public.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share