CVE-2024-6945
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Published Jul 21, 2024
Updated: Jul 22, 2024
CWE ID 434
Summary
CVE-2024-6945 is a critical vulnerability affecting the Avatar Upload Page component in Flute CMS version 0.2.2.4-alpha. The issue lies in the file app/Core/Http/Controllers/Profile/ImagesController.php, and it allows for unrestricted uploads when the argument "avatar" is manipulated. This vulnerability can be exploited remotely, and the exploit has been made public. As a result, it is essential for Flute CMS users to apply the necessary patches or upgrades to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- CMs