CVE-2024-8294

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 29, 2024
Updated: Aug 30, 2024
CWE ID 434

Summary

CVE-2024-8294 is a critical vulnerability affecting FeehiCMS versions up to 2.1.1, specifically within the update function of the file located at /admin/index.php?r=friendly-link%2Fupdate. The vulnerability allows for unrestricted file uploads via the manipulation of the argument FriendlyLink[image], which can be exploited remotely without requiring user interaction or authentication. This flaw poses significant risks to organizations, including potential high impacts on confidentiality, integrity, and availability of systems due to unauthorized file uploads. To remediate this issue, it is recommended that users upgrade to a patched version of FeehiCMS or implement strict input validation measures to prevent malicious file uploads. The vendor was notified of this vulnerability prior to public disclosure but did not respond.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share