CVE-2024-2604

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2604
A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md Broken Link
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md Broken Link
https://vuldb.com/?ctiid.257182 Permissions Required VDB Entry
https://vuldb.com/?ctiid.257182 Permissions Required VDB Entry
https://vuldb.com/?id.257182 Permissions Required VDB Entry
https://vuldb.com/?id.257182 Permissions Required VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:remyandrade:file_manager_app:1.0:*:*:*:*:*:*:*
History

06 Mar 2025, 15:00

Type Values Removed Values Added
CPE cpe:2.3:a:remyandrade:file_manager_app:1.0:*:*:*:*:*:*:*
First Time Remyandrade file Manager App
Remyandrade
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
References () https://vuldb.com/?ctiid.257182 - () https://vuldb.com/?ctiid.257182 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.257182 - () https://vuldb.com/?id.257182 - Permissions Required, VDB Entry
References () https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md - () https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md - Broken Link

18 Mar 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-18 21:15

Updated : 2025-03-06 15:00

NVD link : CVE-2024-2604

Mitre link : CVE-2024-2604

JSON object : View

Products Affected

remyandrade

  • file_manager_app
CWE

No CWE.