CVE-2024-2690
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-2690 is a newly disclosed critical vulnerability affecting the SourceCodester Online Discussion Forum Site 1.0. The issue lies in an unknown function of the file /uupdate.php, which can be exploited through manipulation of the ima argument. This vulnerability permits unrestricted file uploads, allowing attackers to potentially install malicious code. The attack can be carried out remotely, making it a significant security risk. The exploit for this vulnerability (VDB-257388) has been made public, increasing the likelihood of it being exploited in the wild.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.