CVE-2024-6947

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Jul 21, 2024

Updated: Jul 22, 2024

CWE ID 94

Summary

CVE-2024-6947 is a critical vulnerability affecting Flute CMS 0.2.2.4-alpha. The issue lies within the Notification Handler's ContentParser.php file and specifically the replaceContent function. This manipulation enables code injection, allowing remote attackers to exploit the vulnerability. The exploit has been made public, increasing the risk of potential attacks. The Vulnerability Database (VDB) has assigned identifier VDB-272069 to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xIhMNk
https://www.cve.org/CVERecord?id=CVE-2024-6947
https://nvd.nist.gov/vuln/detail/CVE-2024-6947

Back to Vulnerability Database

CVE-2024-6947

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations