PT-2024-18422 · Unknown · Osuuu Lightpicture

Glzjin · Published: 2024-02-27 · Updated: 2024-12-18 · CVE-2024-1920
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable software and affected versions: osuuu LightPicture, versions up to 1.2.2

Description: A critical issue has been found in osuuu LightPicture, affecting the handle function in the file /app/middleware/TokenVerify.php. The flaw is the use of a hard-coded cryptographic key. The attack may be initiated remotely; exploitation is of rather high complexity and difficult. The exploit has been disclosed to the public and may be used.

Recommendations: For osuuu LightPicture versions up to 1.2.2, consider disabling the handle function in /app/middleware/TokenVerify.php as a temporary workaround until a patch is available. Restrict access to the affected file to minimize the risk of exploitation. Avoid using the hard-coded cryptographic key in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
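The following is an added illustrative example, not LightPicture's own code and not a description of how its TokenVerify.php is written. It shows the weakness class named in this advisory, a token verification middleware whose HMAC key is embedded in the source, next to a hardened variant that loads the key from the deployment environment and refuses to start without one. The constant HARD_CODED_KEY, the environment variable name LIGHTPICTURE_TOKEN_KEY and the token layout are constructed for the example.

```php
<?php
// Added example (not LightPicture's code): hard-coded vs. externally supplied
// token key in a verification middleware.
declare(strict_types=1);

// Weak pattern: the secret is part of the source tree, so anyone who can read
// the code (public repository, leaked backup, shared hosting) can mint valid
// tokens for every installation that ships this file.
const HARD_CODED_KEY = 'example-hardcoded-secret'; // constructed placeholder

function verifyTokenWeak(string $token): bool
{
    return verifyHmacToken($token, HARD_CODED_KEY);
}

// Hardened pattern: the key lives outside the code base, is unique per
// deployment, and a missing or short key is a startup error rather than a
// silent fallback to a default.
function loadTokenKey(): string
{
    $key = getenv('LIGHTPICTURE_TOKEN_KEY'); // hypothetical variable name
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('token key missing or too short; refusing to start');
    }
    return $key;
}

function verifyTokenHardened(string $token): bool
{
    return verifyHmacToken($token, loadTokenKey());
}

// Shared check for both variants. Token layout (constructed for this example):
//   <base64url(json claims)>.<hex hmac-sha256 over the payload>
// hash_equals() is used so the comparison does not leak timing information.
function verifyHmacToken(string $token, string $key): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return false;
    }
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $payload, $key);
    return hash_equals($expected, $mac);
}

// Issues a token under a given key; used here only to show that a key known
// to everyone (the hard-coded one) lets anyone produce tokens that verify.
function issueToken(array $claims, string $key): string
{
    $payload = rtrim(strtr(base64_encode(json_encode($claims)), '+/', '-_'), '=');
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Usage sketch (run from the CLI with the variable set):
//   LIGHTPICTURE_TOKEN_KEY=$(php -r 'echo bin2hex(random_bytes(32));') php example.php
$forged = issueToken(['uid' => 1], HARD_CODED_KEY);
var_dump(verifyTokenWeak($forged));       // bool(true): anyone with the source can forge
var_dump(verifyTokenHardened($forged));   // bool(false): per-deployment key does not match
```

The detection side of the same concern: a code-review or SAST rule that flags string literals passed as the key argument of hash_hmac(), openssl_encrypt() or a JWT library's verify call is the cheapest way to catch this class before release, and rotating to an environment-supplied key is the fix the recommendations above point to.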

Related Identifiers: CVE-2024-1920

Affected Products: Osuuu Lightpicture