CVE-2024-1353

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 9, 2024

Updated: May 17, 2024

CWE ID 502

Summary

CVE-2024-1353 is a critical vulnerability affecting PHPEMS versions up to 1.0. The issue lies in the index function of the file app/weixin/controller/index.api.php, which can be exploited through manipulation of the picurl argument. This results in deserialization, making the vulnerability publicly disclosed and potentially exploitable. VDB-253226 is the identifier assigned to this security concern.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ucyVJf
https://www.cve.org/CVERecord?id=CVE-2024-1353
https://nvd.nist.gov/vuln/detail/CVE-2024-1353

Back to Vulnerability Database

CVE-2024-1353

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations