CVE-2024-7944
Description
A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been classified as critical. Affected is the function UpdateDocumentsRequest of the file DocumentsController.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CWE
- CWE-434 — CWE-434 Unrestricted Upload
Affected
- itsourcecode / Laravel Property Management System — v=1.0 [affected]
CVSS
- 4.0 score=5.3 severity=MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N - 3.1 score=6.3 severity=MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - 3.0 score=6.3 severity=MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - 2.0 score=6.5 severity=
AV:N/AC:L/Au:S/C:P/I:P/A:P
References
- https://vuldb.com/?id.275136 vdb-entry, technical-description
- https://vuldb.com/?ctiid.275136 signature, permissions-required
- https://vuldb.com/?submit.393372 third-party-advisory
- https://github.com/DeepMountains/zzz/blob/main/CVE2-2.md exploit
Source
cvelistV5-main/cves/2024/7xxx/CVE-2024-7944.json