CVE-2024-0192

Name of the Vulnerable Software and Affected Versions RRJ Nueva Ecija Engineer Online Portal version 1.0

Description A critical vulnerability was found in the RRJ Nueva Ecija Engineer Online Portal, affecting an unknown functionality of the file downloadable.php of the component Add Downloadable. This vulnerability leads to unrestricted upload and can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For RRJ Nueva Ecija Engineer Online Portal version 1.0, consider disabling the downloadable.php file or restricting access to the Add Downloadable component until a patch is available. As a temporary workaround, restrict the upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.