PT-2024-39380 · Unknown · Itsourcecode Online Bookstore

Kinsomnia · Published 2024-09-20 · Updated 2025-09-26 · CVE-2024-9036

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

itsourcecode Online Bookstore version 1.0

Description

A critical issue affects the processing of the file admin add.php, where the manipulation of the image argument leads to unrestricted upload. The attack can be initiated remotely.

Recommendations

For itsourcecode Online Bookstore version 1.0, consider disabling the upload functionality in the admin add.php file until a patch is available. Restrict access to the admin add.php file to minimize the risk of exploitation. Avoid using the image argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-9036

Affected Products

Itsourcecode Online Bookstore