PT-2024-17826 · Unknown · 1000 Projects Portfolio Management System Mca

Wangjiawei · Published 2024-12-26 · Updated 2024-12-26 · CVE-2024-12954

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

1000 Projects Portfolio Management System MCA version 1.0

Description

A critical vulnerability was found in the 1000 Projects Portfolio Management System MCA. This issue affects an unknown part of the file /update_ach.php. The manipulation of the argument ach_certy leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For version 1.0, consider disabling the upload functionality related to the ach_certy argument in the /update_ach.php file until a patch is available. Restrict access to the /update_ach.php file to minimize the risk of exploitation. Avoid using the ach_certy argument in the affected file until the issue is resolved.

Weakness Enumeration

Improper Access Control

Unrestricted File Upload

Related Identifiers

CVE-2024-12954

Affected Products

1000 Projects Portfolio Management System Mca