PT-2025-2024 · Unknown · Mysiteforme

Lvzc · Published 2025-01-05 · Updated 2025-01-10 · CVE-2024-13138

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

wangl1989 mysiteforme version 1.0

Description

A critical issue has been found in the file upload function of the LocalUploadServiceImpl class, located at src/main/java/com/mysiteform/admin/service/ipl/. The manipulation of the test argument leads to unrestricted file upload. This issue can be exploited remotely. The exploit has been made public.

Recommendations

For version 1.0, as a temporary workaround, consider disabling the file upload function in LocalUploadServiceImpl until a patch is available. Restrict access to the test argument to minimize the risk of exploitation. Avoid using the test argument in the affected file upload functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2024-13138

Affected Products: Mysiteforme