CVE-2024-2690

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Mar 20, 2024
Updated: May 17, 2024
CWE ID 908

Summary

CVE-2024-2690 is a newly disclosed critical vulnerability affecting the SourceCodester Online Discussion Forum Site 1.0. The issue lies in an unknown function of the file /uupdate.php, which can be exploited through manipulation of the ima argument. This vulnerability permits unrestricted file uploads, allowing attackers to potentially install malicious code. The attack can be carried out remotely, making it a significant security risk. The exploit for this vulnerability (VDB-257388) has been made public, increasing the likelihood of it being exploited in the wild.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share