CVE-2024-0194

Name of the Vulnerable Software and Affected Versions CodeAstro Internet Banking System versions up to 1.0

Description A critical issue has been found in the CodeAstro Internet Banking System, affecting some unknown processing of the file pages account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For CodeAstro Internet Banking System versions up to 1.0, consider disabling the Profile Picture Handler component until a patch is available. Restrict access to the pages account.php file to minimize the risk of exploitation. Avoid using the vulnerable component for uploading files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.