CVE-2024-1750

Name of the Vulnerable Software and Affected Versions TemmokuMVC versions up to 2.3

Description A critical issue was found in the function get img url/img replace in the library lib/images get down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations For TemmokuMVC versions up to 2.3, as a temporary workaround, consider disabling the get img url/img replace function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.