CVE-2024-0194
CodeAstro Internet Banking System Profile Picture pages_account.php unrestricted upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability.
Una vulnerabilidad fue encontrada en CodeAstro Internet Banking System hasta 1.0 y clasificada como crítica. Este problema afecta un procesamiento desconocido del archivo pages_account.php del componente Profile Picture Handler. La manipulación conduce a una carga sin restricciones. El ataque puede iniciarse de forma remota. La explotación ha sido divulgada al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-249509.
Eine Schwachstelle wurde in CodeAstro Internet Banking System bis 1.0 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei pages_account.php der Komponente Profile Picture Handler. Durch das Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-02 CVE Reserved
- 2024-01-02 CVE Published
- 2024-01-18 EPSS Updated
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.249509 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing | 2024-08-01 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Codeastro Search vendor "Codeastro" | Internet Banking System Search vendor "Codeastro" for product "Internet Banking System" | 1.0 Search vendor "Codeastro" for product "Internet Banking System" and version "1.0" | - |
Affected
|