PT-2024-33217 · Dycms · Dycms

Zty-1995 · Published 2024-10-15 · Updated 2024-10-16 · CVE-2024-48782

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: DYCMS Open-Source Version v2.0.9.41

Description: A remote attacker can execute arbitrary code because the application checks the extension of image files only in the front-end.

Recommendations: For DYCMS Open-Source Version v2.0.9.41, consider disabling the file upload feature until a patch is available, to prevent remote code execution. Restrict access to the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2024-48782

Affected Products: Dycms