PT-2024-17823 · Unknown · 1000 Projects Portfolio Management System Mca

Wangjiawei · Published 2024-12-26 · Updated 2024-12-26 · CVE-2024-12951

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

1000 Projects Portfolio Management System MCA version 1.0

Description

A critical vulnerability has been found in the 1000 Projects Portfolio Management System MCA. The issue is related to an unknown function of the file /add personal details.php, where the manipulation of the profile argument leads to unrestricted upload. This can be exploited remotely. The exploit has been disclosed to the public.

Recommendations

For version 1.0, consider restricting access to the /add personal details.php file until a patch is available. As a temporary workaround, avoid using the profile argument in the affected file to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration: Improper Access Control, Unrestricted File Upload

Related Identifiers: CVE-2024-12951

Affected Products: 1000 Projects Portfolio Management System Mca