CVE-2024-9855
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2024-9855 is a vulnerability in version 1.3.8 of the products known as 07FLYCMS, 07FLY-CMS, and 07FlyCRM, located in the uploadFile function of the Module Plug-In Handler. Improper validation of the 'file' argument allows unrestricted file upload, and the flaw can be exploited remotely. Attackers can leverage it to upload malicious files, posing significant risks to an organization’s data integrity and security. To mitigate this vulnerability, organizations are advised to apply patches or workarounds that restrict file upload functionality. The vendor could not be reached before the CVE was assigned because of an invalid email address.