CVE-2024-8295

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 29, 2024
Updated: Aug 30, 2024
CWE ID 434

Summary

CVE-2024-8295 is a critical vulnerability affecting FeehiCMS versions up to 2.1.1, in the createBanner function of the file /admin/index.php?r=banner%2Fbanner-create. Manipulating the BannerForm[img] argument leads to unrestricted file upload (CWE-434), which can be exploited remotely without user interaction or elevated privileges. The impact on the confidentiality, integrity, and availability of affected systems is severe, and the low attack complexity makes exploitation likely. Remediation should involve upgrading to a patched version of FeehiCMS or implementing strict file validation and upload controls to mitigate the risk of malicious file uploads. As of now, the vendor has not responded to disclosures regarding this vulnerability.
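One way to implement the strict file validation mentioned above for an image-only upload field, as an added example that is not FeehiCMS code or a vendor patch. The function name safeBannerName, the allowed types and the 2 MiB limit are assumptions chosen for illustration.

```php
<?php
// Added example, not FeehiCMS code. Names, allowed types and size limit are assumptions.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];
const MAX_BANNER_BYTES = 2 * 1024 * 1024;

// Returns a server-chosen file name for an acceptable image, or null to reject it.
function safeBannerName(string $tmpPath): ?string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BANNER_BYTES) {
        return null;
    }
    // Detect the type from the file content, never from the client's name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        return null;
    }
    // The content must also parse as an image of that same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    // Content checks can be satisfied by a crafted file, so the stored name is random
    // and its extension comes from the allow-list, not from the upload request.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed sample inputs: a 1x1 PNG and PHP source submitted as "banner.png".
$samples = [
    'banner.png (real PNG)'   => base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='),
    'banner.png (PHP source)' => "<?php echo 'constructed sample'; ?>",
];
foreach ($samples as $label => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'bn');
    file_put_contents($tmp, $bytes);
    $name = safeBannerName($tmp);
    echo $label, ' => ', $name ?? 'rejected', PHP_EOL;
    unlink($tmp);
}
```

In a request handler the path would be $_FILES['BannerForm']['tmp_name']['img'], checked with is_uploaded_file() and stored with move_uploaded_file() under the returned name, in a directory the web server does not execute scripts from.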
