A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
History

Tue, 10 Dec 2024 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Fabianros
Fabianros online Notice Board
CPEs cpe:2.3:a:fabianros:online_notice_board:1.0:*:*:*:*:*:*:*
Vendors & Products Fabianros
Fabianros online Notice Board

Mon, 09 Dec 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Kashipara
Kashipara online Notice Board System
CPEs cpe:2.3:a:kashipara:online_notice_board_system:1.0:*:*:*:*:*:*:*
Vendors & Products Kashipara
Kashipara online Notice Board System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 05 Dec 2024 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title code-projects Online Notice Board Profile Picture registration.php unrestricted upload
Weaknesses CWE-284
CWE-434
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-05T16:31:04.741Z

Updated: 2024-12-09T18:53:59.612Z

Reserved: 2024-12-05T08:48:28.448Z

Link: CVE-2024-12233

cve-icon Vulnrichment

Updated: 2024-12-09T18:53:47.966Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-05T17:15:11.037

Modified: 2024-12-10T23:24:57.237

Link: CVE-2024-12233

cve-icon Redhat

No data.