CVE-2024-29368

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content.

CVSS

No CVSS.

References

Link	Resource
https://github.com/becpn/mozilocms

Configurations

No configuration.

History

23 Apr 2024, 14:15

Type	Values Removed	Values Added
Summary	~~(en) An issue discovered in moziloCMS v2.0 allows attackers to bypass file upload restrictions and run arbitrary code by changing the file extension after upload via crafted POST request.~~	(en) An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content.

23 Apr 2024, 12:52

Type	Values Removed	Values Added
Summary		(es) Un problema descubierto en moziloCMS v2.0 permite a los atacantes eludir las restricciones de carga de archivos y ejecutar código arbitrario cambiando la extensión del archivo después de la carga mediante una solicitud POST manipulada.

22 Apr 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-22 21:15

Updated : 2024-04-23 14:15

NVD link : CVE-2024-29368

Mitre link : CVE-2024-29368

CVE.ORG link : CVE-2024-29368

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-29368

Attach tags to `CVE-2024-29368`