PT-2024-29465 · Unknown · Money Manager Ex Webapp

Author: This Guy · Published 2024-10-24 · Updated 2024-10-29 · CVE-2024-41617

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Money Manager EX WebApp version 1.2.2

Description: The issue is an Incorrect Access Control weakness. The redirect_if_not_loggedin function in functions_security.php sends a redirect for unauthenticated users but does not terminate script execution afterwards, so the code that follows the guard still runs for requests that ignore the redirect. This flaw allows an unauthenticated attacker to upload arbitrary files, potentially leading to Remote Code Execution.

Recommendations: For version 1.2.2, as a temporary workaround, consider disabling the redirect_if_not_loggedin function in functions_security.php until a patch is available. Restrict access to the file upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
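The pattern described above is a PHP guard that calls header('Location: ...') and returns instead of stopping. The following is an added illustration written for this advisory, not code from the Money Manager EX WebApp project: it shows a guard of that shape next to the hardened form, and a small source-audit helper that flags redirect calls with no exit or die nearby. The function names redirect_if_not_loggedin_vulnerable and redirect_if_not_loggedin_fixed, the is_logged_in helper and the sample source text are all assumptions constructed for the example.

```php
<?php
// Added example for this advisory; names and sample input are constructed,
// not taken from the project's code base.

// Constructed session check: a real application reads $_SESSION.
function is_logged_in(array $session): bool
{
    return !empty($session['user_id']);
}

// WEAK GUARD: the Location header is sent, but the function returns and the
// caller keeps executing. A browser follows the redirect, but any client that
// ignores the header still reaches whatever code follows the guard.
function redirect_if_not_loggedin_vulnerable(array $session): void
{
    if (!is_logged_in($session)) {
        header('Location: login.php');
        // no exit here: execution falls through to the caller
    }
}

// HARDENED GUARD: terminate right after sending the redirect so that nothing
// below the guard runs for an unauthenticated request.
function redirect_if_not_loggedin_fixed(array $session): void
{
    if (!is_logged_in($session)) {
        header('Location: login.php');
        exit;
    }
}

// Audit helper (heuristic): report header('Location: ...') calls that are not
// followed by exit or die on the same line or within $window following lines.
// Returns a list of ['line' => int, 'code' => string] findings.
function find_redirects_without_exit(string $source, int $window = 3): array
{
    $lines = explode("\n", $source);
    $findings = [];
    foreach ($lines as $i => $line) {
        if (!preg_match('/header\s*\(\s*[\'"]Location:/i', $line)) {
            continue;
        }
        // Inspect the header line itself plus the next $window lines.
        $region = array_slice($lines, $i, $window + 1);
        $terminates = false;
        foreach ($region as $candidate) {
            if (preg_match('/\b(exit|die)\b/', $candidate)) {
                $terminates = true;
                break;
            }
        }
        if (!$terminates) {
            $findings[] = ['line' => $i + 1, 'code' => trim($line)];
        }
    }
    return $findings;
}

// Constructed sample source text exercising the audit helper.
$sample = <<<'PHP'
function guard_a() {
    if (!is_logged_in($_SESSION)) {
        header('Location: login.php');
    }
}
function guard_b() {
    if (!is_logged_in($_SESSION)) {
        header("Location: login.php");
        exit;
    }
}
PHP;

foreach (find_redirects_without_exit($sample) as $finding) {
    // Only guard_a's header call (line 3 of the sample) is reported.
    printf("line %d: %s\n", $finding['line'], $finding['code']);
}
```

The audit helper is a text heuristic: it will miss an exit hidden behind a wrapper function and can be fooled by the word "exit" appearing in an unrelated string, so treat its output as a list of places to read by hand rather than a verdict. The reliable fix is the hardened form: every code path that sends a redirect because the user is not authenticated must stop executing, and upload or write handlers should additionally re-check authentication themselves rather than relying on an earlier include to have done so.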

Weakness Enumeration: Incorrect Authorization
Related Identifiers: CVE-2024-41617
Affected Products: Money Manager Ex Webapp