CVE-2024-46054

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 27, 2024
Updated: Dec 2, 2024
CWE ID 276

Summary

CVE-2024-46054 is a newly disclosed vulnerability affecting OpenVidReview version 1.0. This issue involves an Incorrect Access Control issue, where the /upload route is accessible without requiring authentication. Consequently, any unauthenticated user can take advantage of this vulnerability and upload files to the system, posing a significant risk to the security of the affected installation. Successful exploitation could result in unauthorized file modifications or data leakage. It is highly recommended that users of OpenVidReview 1.0 upgrade to a patched version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share