CVE-2024-9975
SourceCodester Drag and Drop Image Upload upload.php unrestricted upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in SourceCodester Drag and Drop Image Upload 1.0. It has been rated as critical. This issue affects an unknown functionality of the file /upload.php. The manipulation allows unrestricted upload. The attack can be carried out remotely. The exploit has been made public and can be used.
A critical vulnerability has been identified in SourceCodester Drag and Drop Image Upload 1.0. Affected is unknown code in the file /upload.php. Manipulation with unknown data can be used to exploit an unrestricted upload vulnerability. The attack can be carried out over the network. The exploit is publicly available.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2024-10-15 CVE Reserved
- 2024-10-15 CVE Published
- 2024-10-15 CVE Updated
- 2024-10-15 First Exploit
- 2024-10-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.280340 | Vdb Entry | |
https://vuldb.com/?submit.423445 | Third Party Advisory | |
https://www.sourcecodester.com | Product | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
SourceCodester | Drag And Drop Image Upload | 1.0 | en | Affected |