16Mar
CVE-2024-2561 | 74CMS 3.28.0 Company Logo Index.php#sendCompanyLogo imgBase64 unrestricted upload
A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the functionsendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload.
This vulnerability is handled as CVE-2024-2561. The attack may be launched remotely. Furthermore, there is an exploit available.
