CVE-2024-10765

CVSS V2 None CVSS V3 None

Description

A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Overview

CVE ID
CVE-2024-10765

Assigner
VulDB

Vulnerability Status
PUBLISHED

Published Version
2024-11-04T15:31:05.931Z

Last Modified Date
2024-11-04T16:49:25.815Z

Weakness Enumerations

CWE	URL
CWE-434	http://cwe.mitre.org/data/definitions/434.html
CWE-284	http://cwe.mitre.org/data/definitions/284.html
CWE-266	http://cwe.mitre.org/data/definitions/266.html

References

Reference URL	Reference Tags
https://vuldb.com/?id.282952	vdb-entry technical-description
https://vuldb.com/?ctiid.282952	signature permissions-required
https://vuldb.com/?submit.436520	third-party-advisory
https://github.com/hbuzs/CVE/issues/1	exploit issue-tracking

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-10765
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10765

History

Created	Old Value	New Value	Data Type	Notes
2024-11-05 13:21:31				Added to TrackCVE