CVE-2024-9038

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 20, 2024
Updated: Sep 26, 2024
CWE ID 434

Summary

CVE-2024-9038 is a vulnerability identified in Codezips Online Shopping Portal version 1.0, specifically affecting the insert-product.php file, which allows for unrestricted file uploads through manipulation of specific arguments (productimage1, productimage2, and productimage3). The potential danger posed by this vulnerability includes the risk of remote exploitation, leading to unauthorized access or control over the application. To remediate this issue, it is recommended that organizations implement validation checks on uploaded files to restrict file types and sizes. The vulnerability has a medium severity rating with a CVSS base score of 4.3 and low prerequisites for exploitation. Public disclosure of the exploit heightens the urgency to address this vulnerability promptly to safeguard organizational assets.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share