CVE-2024-40482

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 12, 2024

Updated: Aug 13, 2024

CWE ID 79

Summary

CVE-2024-40482 is a newly discovered vulnerability affecting the Kashipara Live Membership System v1.0. The issue lies in the "/Membership/edit_member.php" file where an Unrestricted file upload flaw exists. This vulnerability enables attackers to upload crafted PHP files, thereby gaining the ability to execute arbitrary code on the targeted system. Successful exploitation could lead to serious security implications, including unauthorized access, data theft, or even system compromise. It is recommended that users upgrade to the latest version of the system to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/w07VKR
https://www.cve.org/CVERecord?id=CVE-2024-40482
https://nvd.nist.gov/vuln/detail/CVE-2024-40482

Back to Vulnerability Database

CVE-2024-40482

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations