CVE-2024-7495

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 6, 2024

Updated: Aug 19, 2024

CWE ID 434

Summary

CVE-2024-7495 is a critical vulnerability identified in the Laravel Accounting System 1.0. This issue resides in the app/Http/Controllers/HomeController.php file, and it allows for unrestricted uploads through manipulation of the 'image' argument. The vulnerability can be exploited remotely, and the exploit has been made public. As a result, it is essential for users of this software to apply a patch or upgrade to a newer version as soon as possible to protect against potential attacks. The Vulnerability Database (VDB) has assigned the identifier VDB-273621 to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xf53Ox
https://www.cve.org/CVERecord?id=CVE-2024-7495
https://nvd.nist.gov/vuln/detail/CVE-2024-7495

Back to Vulnerability Database

CVE-2024-7495

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations