CVE-2024-9278
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2024-9278 is a critical vulnerability identified in HuankeMao SCRM versions up to 0.0.3, affecting the upload_domain_verification_file function in the WxkConfig.php file of the Administrator Backend component. The flaw allows unrestricted file uploads and can be exploited remotely, posing a potential risk to organizations by enabling unauthorized access to or manipulation of system files. The attack requires high privileges but no user interaction, and the absence of user interaction makes it easier to exploit. Remediation involves updating to a patched version of HuankeMao SCRM that addresses this vulnerability. Organizations are advised to review their security configurations and implement monitoring to detect any suspicious file upload activities.