CVE-2022-24983

Name of the Vulnerable Software and Affected Versions JQueryForm.com versions prior to 2022-02-05

Description The issue allows remote attackers to obtain the URI to any uploaded file by capturing the POST response. This can be chained with another issue to potentially lead to unauthenticated remote code execution on the underlying web server. The problem occurs because the Unique ID field is contained in the POST response upon submitting a form.

Recommendations For versions prior to 2022-02-05, consider restricting access to the form submission endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the Unique ID field in the POST response until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.