PT-2024-21139 · Skinsoft · Skinsoft S-Museum

Published

2024-02-22

Updated

2025-03-13

CVE-2024-25802

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SKINsoft S-Museum version 7.02.3

Description The issue allows for Unrestricted File Upload via the Add Media function. This is achieved by using the file content as the attack payload.

Recommendations For SKINsoft S-Museum version 7.02.3, consider restricting access to the Add Media function until a patch is available to prevent exploitation. As a temporary workaround, implement strict file type validation and content scanning to minimize the risk of malicious file uploads.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2024-25802

Affected Products

Skinsoft S-Museum

PT-2024-21139 · Skinsoft · Skinsoft S-Museum

CVE-2024-25802

Weakness Enumeration

Related Identifiers

Affected Products

References · 8