CVE-2024-1925

CVSS 2.0 Score 4.6 of 10 (medium)

Details

Published Feb 27, 2024
Updated: May 17, 2024
CWE ID 434

Summary

CVE-2024-1925 is a newly disclosed critical vulnerability affecting Ctcms 2.1.2. The issue lies within the unknown code of the file ctcms/apps/controllers/admin/Upsys.php, allowing for unrestricted upload. This vulnerability can be exploited remotely, making it a significant concern. The complexity of an attack is relatively high, and the exploitation process is reportedly difficult. However, the exploit has been made public, increasing the risk of potential attacks. Vulnerability database VDB has assigned the identifier VDB-254860 to this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share