CVE-2024-1920

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Feb 27, 2024
Updated: Dec 18, 2024
CWE ID 321

Summary

CVE-2024-1920 is a critical vulnerability affecting osuuu LightPicture up to version 1.2.2. The handle function in the file /app/middleware/TokenVerify.php contains a hard-coded cryptographic key. An attacker can exploit this remotely. The complexity of an attack is relatively high, but the exploit has been disclosed publicly, which increases the risk of exploitation. The vulnerability is also tracked as VDB-254855.
