CVE-2024-2690

CWE-434 — Unrestricted File Upload CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 50.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Online Discussion Forum Site Razormist Online Discussion Forum Site

Timeline

PublishedMar 20

Latest updateOct 21

Description

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file /uupdate.php. The manipulation of the argument ima leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257388.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/online_discussion_forum_site1.0

▶NVDrazormist/online_discussion_forum_site1.0

🔴Vulnerability Details

CVEList

SourceCodester Online Discussion Forum Site uupdate.php unrestricted upload↗2024-03-20

▶

GHSA

GHSA-9p5f-8c7x-7c7j: A vulnerability was found in SourceCodester Online Discussion Forum Site 1↗2024-03-20

▶

📋Vendor Advisories

Red Hat

kernel: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer↗2024-10-21

▶