CVE-2024-1925

Name of the Vulnerable Software and Affected Versions Ctcms version 2.1.2

Description A critical issue has been identified, affecting the file ctcms/apps/controllers/admin/Upsys.php, which leads to unrestricted upload. The attack can be initiated remotely, with a rather high complexity, making exploitation difficult.

Recommendations For Ctcms version 2.1.2, consider restricting access to the Upsys.php file in the ctcms/apps/controllers/admin directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.