CVE-2024-4306

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Apr 29, 2024

CWE ID 434

Summary

CVE-2024-4306 is a critical vulnerability affecting HubBank version 1.0.2. This issue permits registered users to upload malicious PHP files through the document upload fields, bypassing any file size or type restrictions. Successful exploitation leads to the execution of webshells, posing a significant security risk to the system. Attackers can use this vulnerability to gain unauthorized access, steal sensitive information, or carry out further attacks. It is highly recommended that users upgrade to the latest version of HubBank to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vq_0HN
https://www.cve.org/CVERecord?id=CVE-2024-4306
https://nvd.nist.gov/vuln/detail/CVE-2024-4306

Back to Vulnerability Database

CVE-2024-4306

CVSS 3.1 Score 9.9 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations