CVE-2024-10766

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 4, 2024

Updated: Nov 6, 2024

CWE ID 434

CWE ID 284

CWE ID 266

Summary

CVE-2024-10766 is a critical vulnerability identified in the Codezips Free Exam Hall Seating Management System 1.0. The issue arises from a flaw in the processing of the /pages/save_user.php file, which allows for unrestricted uploads when an attacker manipulates the argument image. This vulnerability can be exploited remotely, and the initial researcher disclosure has made the exploit publicly available. The specific vulnerability class and file names mentioned in the disclosure are unclear.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0L9xY_
https://www.cve.org/CVERecord?id=CVE-2024-10766
https://nvd.nist.gov/vuln/detail/CVE-2024-10766

Back to Vulnerability Database

CVE-2024-10766

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations