CVE-2024-3803

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Apr 15, 2024
Updated: May 17, 2024
CWE ID 190

Summary

CVE-2024-3803 is a critical vulnerability affecting Vesystem Cloud Desktop versions up to 20240408. The issue lies within the unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php, which results in an unrestricted upload. An attacker can exploit this remotely by manipulating the argument file. The vulnerability identification number for this issue is VDB-260776. Notably, the vendor was contacted regarding this disclosure but did not respond, leaving the exploit publicly available and potentially in use.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share