CVE-2024-12233

Name of the Vulnerable Software and Affected Versions code-projects Online Notice Board version 1.0

Description A critical issue affects the processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely.

Recommendations For version 1.0, as a temporary workaround, consider disabling the Profile Picture Handler component until a patch is available. Restrict access to the /registration.php file to minimize the risk of exploitation. Avoid using the img argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.