CVE-2024-6945

Name of the Vulnerable Software and Affected Versions Flute CMS version 0.2.2.4-alpha

Description A critical issue affects the Avatar Upload Page component, specifically the file app/Core/Http/Controllers/Profile/ImagesController.php. The manipulation of the avatar argument leads to unrestricted upload. This issue can be initiated remotely. The exploit has been disclosed to the public.

Recommendations For Flute CMS version 0.2.2.4-alpha, as a temporary workaround, consider disabling the avatar upload functionality until a patch is available. Restrict access to the Avatar Upload Page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.