CVE-2024-9904
CVSS 3.1 Score 4.7 of 10 (medium)
Details
Summary
CVE-2024-9904 is a critical vulnerability affecting 07FLYCMS, 07FLY-CMS, and 07FlyCRM in versions up to 1.2.0, specifically the pictureUpload function in the file /admin/File/pictureUpload. Manipulating the argument "file" allows unrestricted file upload, and the attack can be launched remotely. The potential impact includes unauthorized access to or control over affected systems; the exploit has been publicly disclosed and may be actively used by attackers. Organizations using these products should implement remediation measures such as disabling the vulnerable function or applying patches, if the vendor provides any. Due to communication issues with the vendor prior to assigning this CVE, no official remediation guidance has been issued.