CVE-2024-8170

A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rems:zipped_folder_manager_app:1.0:*:*:*:*:*:*:*

History

27 Aug 2024, 16:02

Type Values Removed Values Added
References () https://github.com/jadu101/CVE/blob/main/SourceCodester_Zipped_Folder_Manager_App_File_Upload.md - () https://github.com/jadu101/CVE/blob/main/SourceCodester_Zipped_Folder_Manager_App_File_Upload.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.275769 - () https://vuldb.com/?ctiid.275769 - Permissions Required
References () https://vuldb.com/?id.275769 - () https://vuldb.com/?id.275769 - Permissions Required
References () https://vuldb.com/?submit.397719 - () https://vuldb.com/?submit.397719 - Third Party Advisory, VDB Entry
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product
CVSS v2 : 4.0
v3 : 3.5
v2 : 4.0
v3 : 9.8
First Time Rems zipped Folder Manager App
Rems
CPE cpe:2.3:a:rems:zipped_folder_manager_app:1.0:*:*:*:*:*:*:*
Summary
  • (es) Una vulnerabilidad ha sido encontrada en SourceCodester Zipped Folder Manager App 1.0 y clasificada como problemática. Esto afecta a una parte desconocida del archivo /endpoint/add-folder.php. La manipulación de la carpeta de argumentos conduce a una carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse.

26 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-26 16:15

Updated : 2024-08-27 16:02


NVD link : CVE-2024-8170

Mitre link : CVE-2024-8170

CVE.ORG link : CVE-2024-8170


JSON object : View

Products Affected

rems

  • zipped_folder_manager_app
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type