CVE-2024-29368

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content.

CVSS

No CVSS.

References

Link	Resource
https://github.com/becpn/mozilocms	Exploit Third Party Advisory
https://github.com/becpn/mozilocms	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilo:mozilocms:2.0:*:*:*:*:*:*:*

History

30 Apr 2025, 16:45

Type	Values Removed	Values Added
References	~~() https://github.com/becpn/mozilocms -~~	() https://github.com/becpn/mozilocms - Exploit, Third Party Advisory
First Time		Mozilo Mozilo mozilocms
CPE		cpe:2.3:a:mozilo:mozilocms:2.0:::::::*

23 Apr 2024, 14:15

Type	Values Removed	Values Added
Summary	~~An issue discovered in moziloCMS v2.0 allows attackers to bypass file upload restrictions and run arbitrary code by changing the file extension after upload via crafted POST request.~~	An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content.

22 Apr 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-22 21:15

Updated : 2025-04-30 16:45

NVD link : CVE-2024-29368

Mitre link : CVE-2024-29368

JSON object : View

Products Affected

mozilo

mozilocms

CWE

No CWE.

JSON object

Attach tags to CVE-2024-29368

Attach tags to `CVE-2024-29368`