PT-2024-17825 · Unknown · 1000 Projects Portfolio Management System Mca

Wangjiawei · Published 2024-12-26 · Updated 2024-12-26 · CVE-2024-12953

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0

Description: A critical issue has been found in the 1000 Projects Portfolio Management System MCA, affecting some unknown functionality of the file /update pd process.php. The manipulation of the profile argument leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For version 1.0, consider disabling the functionality related to the /update pd process.php file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the profile argument in the affected functionality until the issue is resolved.

Exploit

Fix

Weakness Enumeration: Improper Access Control, Unrestricted File Upload

Related Identifiers: CVE-2024-12953

Affected Products: 1000 Projects Portfolio Management System Mca