CVE-2024-6945

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-6945
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6945.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-6945
Published
2024-07-21T08:15:07Z
Modified
2025-01-08T09:54:20.269092Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been classified as critical. This affects an unknown part of the file app/Core/Http/Controllers/Profile/ImagesController.php of the component Avatar Upload Page. The manipulation of the argument avatar leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272067.

References

Affected packages

Git / github.com/flute-cms/cms

Affected ranges

Type
GIT
Repo
https://github.com/flute-cms/cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

alpha

v0.*

v0.1.0.1-alpha
v0.1.0.2-alpha
v0.1.1-alpha
v0.1.2-alpha
v0.1.2.1-alpha
v0.1.3-alpha
v0.1.3.1-alpha
v0.2.0-alpha
v0.2.1-alpha
v0.2.1.1-alpha
v0.2.1.2-alpha
v0.2.1.3-alpha
v0.2.2-alpha
v0.2.2.1-alpha
v0.2.2.2-alpha
v0.2.2.3-alpha
v0.2.2.4-alpha