Unknown · Farcry Core · CVE-2024-35527
**Name of the Vulnerable Software and Affected Versions**
FarCry Core framework versions prior to 7.2.14
**Description**
The issue allows attackers to execute arbitrary code via uploading a crafted .cfm file to the /fileupload/upload.cfm endpoint.
**Recommendations**
For versions prior to 7.2.14, update to version 7.2.14 or later to resolve the issue.
As a temporary workaround, consider restricting access to the /fileupload/upload.cfm endpoint until a patch is available.