{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-7450","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-08-03T06:48:55.215Z","datePublished":"2024-08-04T03:00:09.243Z","dateUpdated":"2024-08-07T18:01:05.387Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-08-04T03:00:09.243Z"},"title":"itsourcecode Placement Management System Image resume_upload.php unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"CWE-434 Unrestricted Upload"}]}],"affected":[{"vendor":"itsourcecode","product":"Placement Management System","versions":[{"version":"1.0","status":"affected"}],"modules":["Image Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resume_upload.php of the component Image Handler. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273541 was assigned to this vulnerability."},{"lang":"de","value":"In itsourcecode Placement Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei /resume_upload.php der Komponente Image Handler. Durch Manipulation des Arguments fileToUpload mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6,"vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-08-03T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-08-03T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-08-03T08:54:11.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Dee.Mirage (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.273541","name":"VDB-273541 | itsourcecode Placement Management System Image resume_upload.php unrestricted upload","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.273541","name":"VDB-273541 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.383860","name":"Submit #383860 | Itsourcecode Placement Management System 1.0 FileUpload","tags":["third-party-advisory"]},{"url":"https://github.com/DeepMountains/Mirage/blob/main/CVE11-2.md","tags":["exploit"]}]},"adp":[{"affected":[{"vendor":"itsourcecode","product":"placement_management_system","cpes":["cpe:2.3:a:itsourcecode:placement_management_system:1.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-07T17:52:12.358747Z","id":"CVE-2024-7450","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-07T18:01:05.387Z"}}]}}