PT-2024-27796 · Unknown · Itsourcecode Online Discussion Forum Project
Limanshu +2
Published 2024-10-04 · Updated 2024-10-09
CVE-2024-37868
CVSS v3.1 8.8 High
Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Itsourcecode Online Discussion Forum Project version 1.0
Description A remote attacker can execute arbitrary code via the "sendreply.php" file due to an unrestricted file upload vulnerability. The script receives the uploaded file from PHP's $_FILES superglobal and stores it without restricting its type, extension or content, so a user with low privileges (the CVSS vector is PR:L, i.e. a forum account is enough) can upload a server-side script and then request it from the web server, leading to remote code execution. Patch immediately and check for signs of exploitation; auditing all existing uploads is also advised.
Recommendations For Itsourcecode Online Discussion Forum Project version 1.0, patch the software immediately to fix the file upload vulnerability. As a temporary workaround, restrict access to the "sendreply.php" file until a patch is applied. The fix belongs in the handling of the $_FILES entry, not in avoiding $_FILES itself: allowlist the permitted extensions, verify the file content against the claimed type rather than trusting the client-supplied name or MIME type, store uploads under a server-generated name outside the web root or in a directory where script execution is disabled, and reject everything else. Audit all existing uploads to ensure no malicious files (for example PHP scripts disguised with an image extension) have been stored.
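The upload checks a fixed handler should perform, together with the audit of existing uploads that the recommendations call for, as an added example in Python. This is illustrative code written for this page, not the project's sendreply.php (which is PHP); the image-only allowlist, the magic-byte table, the extension list and the sample files are assumptions constructed for the example.

```python
import os
import re
import secrets
import tempfile

# Assumption (not from the advisory): replies only ever need image attachments,
# so the allowlist maps each permitted extension to the bytes its content must
# begin with. Anything outside this table is rejected.
ALLOWED_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}

# Extensions that common web server configurations execute or honour as
# configuration; any of these anywhere in a name (shell.php.jpg) is suspicious.
EXECUTABLE_EXTS = {"php", "phtml", "php3", "php4", "php5", "php7", "phar",
                   "phps", "htaccess", "html", "htm", "js", "svg"}

PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def validate_upload(client_name, content, max_bytes=2 * 1024 * 1024):
    """Decide whether an uploaded attachment may be stored.

    Models the checks a fixed handler should perform on the $_FILES entry:
    nothing the client sent (name, MIME type) is trusted on its own.
    Returns (accepted, reason, stored_name); stored_name is server-generated.
    """
    if not content or len(content) > max_bytes:
        return False, "empty or oversized file", None
    # Only the last extension counts, and the client name is never reused.
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    stem, dot, ext = base.rpartition(".")
    if not dot or not stem:
        return False, "missing extension", None
    if ext not in ALLOWED_MAGIC:
        return False, "extension .%s not in allowlist" % ext, None
    if not content.startswith(ALLOWED_MAGIC[ext]):
        return False, "content does not match .%s" % ext, None
    # Heuristic: a PHP open tag inside an otherwise valid image can still be
    # executed if the upload directory allows it or the file is later included.
    # Re-encoding the image server-side is the stronger fix.
    if PHP_OPEN_TAG.search(content):
        return False, "script tag embedded in image", None
    stored_name = "%s.%s" % (secrets.token_hex(16), ext)
    return True, "ok", stored_name


def audit_uploads(upload_dir):
    """Scan an upload directory for files that should never have been stored.

    Returns a sorted list of (relative path, reason) findings.
    """
    findings = []
    for root, _dirs, files in os.walk(upload_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, upload_dir)
            exts = name.lower().split(".")[1:]  # every extension, not just the last
            with open(path, "rb") as fh:
                head = fh.read(8192)
            if any(e in EXECUTABLE_EXTS for e in exts):
                findings.append((rel, "executable or config extension"))
                continue
            if exts and exts[-1] in ALLOWED_MAGIC and not head.startswith(ALLOWED_MAGIC[exts[-1]]):
                findings.append((rel, "magic bytes do not match extension"))
            if PHP_OPEN_TAG.search(head):
                findings.append((rel, "PHP open tag in content"))
    return sorted(findings)


def demo():
    """Constructed sample upload directory: one clean image, three disguised scripts."""
    samples = {
        "photo.png": ALLOWED_MAGIC["png"] + b"\x00" * 32,
        "shell.php": b"<?php system($_GET['c']); ?>",
        "shell.php.jpg": ALLOWED_MAGIC["jpg"] + b"<?php echo 1; ?>",
        "fake.jpg": b"GIF89a" + b"<?= `id`; ?>",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return audit_uploads(d)


if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "->", reason)
```

The validator deliberately rejects rather than renames: a file that fails any check is never written to disk, and accepted files get a random name so an attacker cannot predict the URL of what they uploaded. The audit reads only the first 8 KiB of each file, which is enough for the extension, magic-byte and open-tag checks shown; a webshell appended deep inside a large image would need a full-content scan.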

Weakness Enumeration Unrestricted File Upload
Related Identifiers CVE-2024-37868
Affected Products Itsourcecode Online Discussion Forum Project