PT-2024-38154 · Unknown · Itsourcecode Society Management System

Dee.Mirage

Published

2024-07-29

Updated

2024-08-23

CVE-2024-7192

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0

Description A critical issue was found in the itsourcecode Society Management System, affecting an unknown part of the file /admin/student.php. The manipulation of the image argument leads to unrestricted upload. It is possible to initiate the attack remotely.

Recommendations For itsourcecode Society Management System version 1.0, consider disabling the upload functionality in the /admin/student.php file until a patch is available. Restrict access to the image argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2024-7192

Affected Products

Itsourcecode Society Management System

PT-2024-38154 · Unknown · Itsourcecode Society Management System

CVE-2024-7192

Weakness Enumeration

Related Identifiers

Affected Products

References · 9