CVE-2024-54918

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 9, 2024
Updated: Dec 12, 2024
CWE ID 434

Summary

CVE-2024-54918 is a newly identified vulnerability affecting the Kashipara E-learning Management System version 1.0. This issue permits an attacker to execute arbitrary code remotely by uploading a malicious file to the /teacher_avatar.php endpoint. Successful exploitation could lead to unauthorized system access, data theft, or complete system compromise. Users are strongly advised to upgrade to a patched version or implement additional security measures to prevent potential attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • E-Learning Management System

Affected Vendors

  • Kashipara