CVE-2024-49674

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 68.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lukashuser EKC Tournament Manager

Timeline

PublishedOct 31

Description

Cross-Site Request Forgery (CSRF) vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through <= 2.2.1.

Affected Packages1 packages

▶CVEListV5lukashuser/ekc_tournament_manager2.2.1

🔴Vulnerability Details

GHSA

GHSA-h45x-8r23-7cxx: Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tournament Manager allows Upload a Web Shell to a Web Server↗2024-10-31

▶

CVEList

WordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerability↗2024-10-31

▶