CVE-2024-1035

Name of the Vulnerable Software and Affected Versions openBI versions up to 1.0.8

Description A critical vulnerability has been found in openBI, affecting the uploadIcon function of the file /application/index/controller/Icon.php. The manipulation of the image argument leads to unrestricted upload. The attack can be initiated remotely.

Recommendations For openBI versions up to 1.0.8, consider disabling the uploadIcon function until a patch is available. Restrict access to the /application/index/controller/Icon.php file to minimize the risk of exploitation. Avoid using the image argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.