CVE-2024-9975
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-9975 is a critical vulnerability in SourceCodester Drag and Drop Image Upload version 1.0. The affected file, /upload.php, allows unrestricted file upload. The vulnerability can be exploited remotely without user interaction, which makes it a significant risk for organizations using this software. The potential danger includes unauthorized execution of malicious files, which could compromise system integrity and confidentiality. To remediate the issue, restrict file upload capabilities and implement proper validation checks on uploaded files. The vulnerability has a CVSS score of 6.3, indicating medium severity, and exploitation requires low privileges.
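The validation checks recommended above could look like the following for an image-only upload endpoint. This is an added example, not SourceCodester's code or an official patch; the form field name `file` and the storage directory `/var/app/uploads` (assumed to sit outside the web root) are hypothetical.

```php
<?php
// Added example: hardened image upload handling (not the vendor's code).
const MAX_BYTES = 2 * 1024 * 1024; // assumed size limit
// Allowlist: content-detected MIME type => extension chosen by the server.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/** Returns a server-generated file name for an allowed image, or null. */
function validated_image_name(string $path): ?string
{
    $size = @filesize($path);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;
    }
    // Detect the type from file content; the client-sent name and
    // Content-Type header are attacker-controlled and are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        return null;
    }
    // The file must also parse as an image.
    if (@getimagesize($path) === false) {
        return null;
    }
    // A random name with a fixed extension means an uploaded file can
    // never be stored as .php or overwrite an existing file.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
}

/** Validates one $_FILES entry and moves it into $storageDir. */
function handle_upload(array $file, string $storageDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = validated_image_name($file['tmp_name']);
    if ($name === null) {
        return null;
    }
    $dest = rtrim($storageDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}

if (PHP_SAPI !== 'cli' && isset($_FILES['file'])) {
    $stored = handle_upload($_FILES['file'], '/var/app/uploads'); // assumed path
    http_response_code($stored === null ? 400 : 201);
    header('Content-Type: application/json');
    echo json_encode(['stored' => $stored]);
}
```

Content checks alone do not stop a file that is both a valid image and contains script text, so the server-chosen extension and a storage location the web server will not execute from carry most of the protection.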