| |
Podatność CVE-2024-3705
Publikacja: 2024-04-12
Opis: |
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection. |
Typ:
CWE-434 (Unrestricted Upload of File with Dangerous Type)
Referencje: |
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys
|
|
|
Copyright 2024, cxsecurity.com
|
|
|