CVE-2024-9855

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Oct 11, 2024
Updated: Oct 15, 2024
CWE ID 434

Summary

CVE-2024-9855 identifies a vulnerability in version 1.3.8 of the products known as 07FLYCMS, 07FLY-CMS, and 07FlyCRM, specifically in the uploadFile function of the Module Plug-In Handler. Improper validation of the 'file' argument allows unrestricted file upload (CWE-434), and the flaw can be exploited remotely. Attackers can leverage it to upload malicious files, posing significant risks to an organization's data integrity and security. To mitigate this vulnerability, it is recommended that organizations apply patches or workarounds to restrict file upload functionality. The vendor was not reachable prior to the CVE assignment due to an invalid email address.
