How severe is CVE-2024-9904?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2024-9904?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2024-9904 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address.

Related Vulnerabilities

CVE-2022-4732

MEDIUM

CVSS:4.7(Medium)

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.3.2.

CWE-4342022

CVE-2023-6794

MEDIUM

CVSS:4.7(Medium)

An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentia...

CWE-4342023

CVE-2024-3117

MEDIUM

CVSS:4.7(Medium)

A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the a...

CWE-4342024

CVE-2024-3444

MEDIUM

CVSS:4.7(Medium)

A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the...

CWE-4342024

CVE-2024-3521

MEDIUM

CVSS:4.7(Medium)

A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestat...

CWE-4342024

CVE-2024-45644

MEDIUM

CVSS:4.7(Medium)

IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CWE-4342024