CVE-2024-4306

Name of the Vulnerable Software and Affected Versions HubBank version 1.0.2

Description The issue allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution. This is a critical unrestricted file upload vulnerability.

Recommendations For version 1.0.2, consider disabling the upload document fields functionality until a patch is available to prevent malicious PHP file uploads. Restrict access to the upload functionality to minimize the risk of exploitation. Avoid using the upload feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.