PT-2024-21287 · Sourcecodester · Sourcecodester File Manager App
Joshua Lictan
+1
·
Published
2024-03-18
·
Updated
2024-05-17
·
CVE-2024-2604
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SourceCodester File Manager App version 1.0
Description
A critical issue has been found in the SourceCodester File Manager App, affecting the /endpoint/update-file.php file. The manipulation of the
file argument leads to unrestricted upload. This issue can be exploited remotely.Recommendations
For SourceCodester File Manager App version 1.0, consider disabling the /endpoint/update-file.php endpoint until a patch is available to prevent unrestricted file uploads. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the
file argument in the affected endpoint until the issue is resolved.Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester File Manager App