CVE-2024-7495

State: PUBLISHED · Published: 2024-08-06 · Updated: 2024-08-07 · Assigner: VulDB

Description

A vulnerability, which was classified as critical, was found in itsourcecode Laravel Accounting System 1.0. This affects an unknown part of the file app/Http/Controllers/HomeController.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273621 was assigned to this vulnerability.

CWE

CWE-434 — CWE-434 Unrestricted Upload

Affected

itsourcecode / Laravel Accounting System — v=1.0 [affected]

CVSS

4.0 score=5.3 severity=MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.1 score=6.3 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.0 score=6.3 severity=MEDIUM CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.0 score=6.5 severity= AV:N/AC:L/Au:S/C:P/I:P/A:P

References

https://vuldb.com/?id.273621 vdb-entry, technical-description
https://vuldb.com/?ctiid.273621 signature, permissions-required
https://vuldb.com/?submit.385829 third-party-advisory
https://github.com/DeepMountains/Mirage/blob/main/CVE13-1.md exploit

Source

cvelistV5-main/cves/2024/7xxx/CVE-2024-7495.json