CVE-2024-9036
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-9036 is a critical vulnerability identified in itsourcecode Online Bookstore version 1.0, specifically affecting the file admin_add.php. This weakness allows for unrestricted file uploads by manipulating the 'image' argument, which can be exploited remotely with low complexity and without user interaction. The potential impact includes unauthorized file uploads that may compromise the integrity and confidentiality of an organization's systems. Remediation steps should involve updating to a patched version of the software or implementing security measures to restrict file upload capabilities. Given its public disclosure, organizations using this product are at increased risk of exploitation.