← Zuruck zu CVEs

CVE-2024-5518

MEDIUM

6.3

Beschreibung

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266589 was assigned to this vulnerability.

CVE Details

CVSS v3.1 Bewertung6.3

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht5/30/2024

Zuletzt geandert2/11/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

emiloimagtolis:online_discussion_forum

Schwachen (CWE)

CWE-434

Referenzen

https://github.com/L1OudFd8cl09/CVE/issues/1(cna@vuldb.com)

https://vuldb.com/?ctiid.266589(cna@vuldb.com)

https://vuldb.com/?id.266589(cna@vuldb.com)

https://vuldb.com/?submit.346309(cna@vuldb.com)

https://github.com/L1OudFd8cl09/CVE/issues/1(af854a3a-2127-422b-91ae-364da2661108)

https://vuldb.com/?ctiid.266589(af854a3a-2127-422b-91ae-364da2661108)

https://vuldb.com/?id.266589(af854a3a-2127-422b-91ae-364da2661108)

https://vuldb.com/?submit.346309(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.