A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key
. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Osuuu
Osuuu lightpicture |
|
CPEs | cpe:2.3:a:osuuu:lightpicture:*:*:*:*:*:*:*:* | |
Vendors & Products |
Osuuu
Osuuu lightpicture |
MITRE
Status: PUBLISHED
Assigner: VulDB
Published: 2024-02-27T13:31:11.311Z
Updated: 2024-08-01T18:56:22.565Z
Reserved: 2024-02-27T07:27:49.785Z
Link: CVE-2024-1920
Vulnrichment
Updated: 2024-08-01T18:56:22.565Z
NVD
Status : Analyzed
Published: 2024-02-27T14:15:27.737
Modified: 2024-12-18T18:16:07.710
Link: CVE-2024-1920
Redhat
No data.