CVE-2024-2148

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Mar 3, 2024

Updated: Jan 2, 2025

CWE ID 203

Summary

CVE-2024-2148 is a newly disclosed critical vulnerability in SourceCodester Online Mobile Management Store 1.0. The issue lies within the /classes/Users.php file and involves manipulation of the img argument. This vulnerability enables unrestricted uploads, allowing remote attackers to exploit the system. The exploit has been made public, increasing the risk of potential attacks. VDB-255501 is the identifier assigned to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Jsrsasign Project Jsrsasign

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uPDKRc
https://www.cve.org/CVERecord?id=CVE-2024-2148
https://nvd.nist.gov/vuln/detail/CVE-2024-2148

Back to Vulnerability Database

CVE-2024-2148

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations