CVE-2024-11484
CVSS 2.0 Score 6.5 of 10 (medium)
Details
Published Nov 20, 2024
Updated: Nov 21, 2024
CWE ID 284
CWE ID 266
Summary
CVE-2024-11484 is a recently disclosed critical vulnerability affecting the Code4Berry Decoration Management System 1.0. This issue lies within the User Image Handler component and specifically targets an unknown functionality of the file /decoration/admin/update_image.php. The manipulation of the productimage1 argument results in inadequate access controls, allowing for remote attacks. Despite early notification, the vendor has yet to respond or provide a patch, leaving affected systems vulnerable to exploitation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share