CVE-2024-41454

Medium CVSS: 6.5

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file.

Vendor

Product

CWE

CWE-434

Yayın Tarihi

2025-01-15 23:15:09

Güncelleme

2025-02-03 19:15:12

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 MEDIUM 2025

Referanslar

https://github.com/php-lover-boy/processmaker