CVE-2024-8170

Summary

CVE-2024-8170 is a vulnerability identified in SourceCodester Zipped Folder Manager App version 1.0, specifically affecting the file located at /endpoint/add-folder.php. The issue arises from improper handling of the 'folder' argument, allowing for unrestricted file uploads, which can be exploited remotely. This vulnerability poses a low severity risk with an exploitability score of 2.1, requiring low privileges and user interaction to execute an attack. Organizations using this application should mitigate the vulnerability by restricting file upload capabilities or applying patches if available. Failure to address this issue could potentially lead to unauthorized file uploads and other security risks within affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.