PT-2024-23936 · Sourcecodester · Sourcecodester Image Accordion Gallery App
Sospiro · Published 2024-04-01 · Updated 2025-06-24 · CVE-2024-3129
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SourceCodester Image Accordion Gallery App version 1.0
Description
A critical issue affects the /endpoint/add-image.php file, where the manipulation of the image name argument leads to unrestricted upload. This can be initiated remotely. The issue has been publicly disclosed and may be exploited.
Recommendations
For SourceCodester Image Accordion Gallery App version 1.0, consider restricting access to the /endpoint/add-image.php file until a fix is available. As a temporary workaround, limit the upload functionality to prevent unrestricted file uploads. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Unrestricted File Upload
Affected Products
Sourcecodester Image Accordion Gallery App