CVE-2024-8089

Summary

CVE-2024-8089 is a critical vulnerability affecting SourceCodester E-Commerce System version 1.0, specifically in the file located at /ecommerce/admin/products/controller.php. This vulnerability allows for unrestricted file uploads due to improper handling of the 'photo' argument, enabling attackers to execute remote exploits. The potential impact includes high integrity and confidentiality risks, as well as significant availability issues, with a CVSS score of 9.8 indicating severe consequences for affected organizations. Remediation measures should involve updating or patching the affected system to mitigate this flaw. Public disclosure of the exploit increases its urgency, emphasizing the need for immediate action by users of this e-commerce platform.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.