CVE-2024-9904
CVSS 2.0 Score 5.8 of 10 (medium)
Details
Published Oct 13, 2024
Updated: Oct 15, 2024
CWE ID 434
Summary
CVE-2024-9904 is a critical vulnerability affecting the file upload function in versions 1.2.0 and below of 07FLYCMS, 07FLY-CMS, and 07FlyCRM. Maliciously manipulated file uploads can bypass restrictions, allowing remote attackers to upload unauthorized files. The exploit for this vulnerability has been publicly disclosed, making it a significant security concern. The affected products, also known as 07FLYCMS, 07FLY-CMS, and 07FlyCRM, have a not working vendor contact email, making it impossible to reach them for updates before the CVE assignment.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share