A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855.
History

Wed, 18 Dec 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Osuuu
Osuuu lightpicture
CPEs cpe:2.3:a:osuuu:lightpicture:*:*:*:*:*:*:*:*
Vendors & Products Osuuu
Osuuu lightpicture

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-02-27T13:31:11.311Z

Updated: 2024-08-01T18:56:22.565Z

Reserved: 2024-02-27T07:27:49.785Z

Link: CVE-2024-1920

cve-icon Vulnrichment

Updated: 2024-08-01T18:56:22.565Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-27T14:15:27.737

Modified: 2024-12-18T18:16:07.710

Link: CVE-2024-1920

cve-icon Redhat

No data.