CVE-2024-0196

Name of the Vulnerable Software and Affected Versions Magic-Api versions up to 2.0.1

Description A critical vulnerability has been found in Magic-Api, affecting an unknown functionality of the file "/resource/file/api/save?auto=1". The manipulation leads to code injection, and the attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Magic-Api versions up to 2.0.1, consider disabling access to the "/resource/file/api/save?auto=1" endpoint until a patch is available. Restricting the use of this endpoint can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.