CVE-2024-7917

Name of the Vulnerable Software and Affected Versions DouPHP version 1.7 Release 20220822

Description A critical issue has been found in the Favicon Handler component of DouPHP, affecting some unknown functionality of the file /admin/system.php. The manipulation of the site favicon argument leads to unrestricted upload. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used.

Recommendations As a temporary workaround, consider disabling the Favicon Handler component until a patch is available. Restrict access to the /admin/system.php file to minimize the risk of exploitation. Avoid using the site favicon argument in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.