CVE-2024-8296

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Aug 29, 2024
Updated: Aug 30, 2024
CWE ID 434

Summary

CVE-2024-8296 is a critical vulnerability affecting FeehiCMS versions up to 2.1.1, specifically in the insert function of /admin/index.php?r=user%2Fcreate, leading to unrestricted file uploads through manipulation of the User[avatar] argument. This vulnerability can be exploited remotely without requiring user interaction or elevated privileges, posing significant risks such as unauthorized file uploads that may compromise confidentiality and integrity. The exploit has been publicly disclosed, increasing the urgency for remediation. Organizations using affected versions should upgrade to a patched release or implement security measures to restrict file uploads until a fix is available. The CVSS base score for this vulnerability is 9.8, indicating its critical nature and potential impact on system security.
