CVE-2024-2561

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a	Exploit Third Party Advisory
https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a	Exploit Third Party Advisory
https://vuldb.com/?ctiid.257060	Permissions Required VDB Entry
https://vuldb.com/?ctiid.257060	Permissions Required VDB Entry
https://vuldb.com/?id.257060	Permissions Required VDB Entry
https://vuldb.com/?id.257060	Permissions Required VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:74cms:74cms:3.28.0:*:*:*:*:*:*:*

History

05 Mar 2025, 14:53

Type	Values Removed	Values Added
References	~~() https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a -~~	() https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?id.257060 -~~	() https://vuldb.com/?id.257060 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?ctiid.257060 -~~	() https://vuldb.com/?ctiid.257060 - Permissions Required, VDB Entry
First Time		74cms 74cms 74cms
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:a:74cms:74cms:3.28.0:::::::*

17 Mar 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-17 11:15

Updated : 2025-03-05 14:53

NVD link : CVE-2024-2561

Mitre link : CVE-2024-2561

JSON object : View

Products Affected

74cms

74cms

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a", "name": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a", "name": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.257060", "name": "VDB-257060 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.257060", "name": "VDB-257060 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.257060", "name": "VDB-257060 | 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.257060", "name": "VDB-257060 | 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-2561", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2024-03-17T11:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:74cms:74cms:3.28.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-05T14:53Z"}