Arbitrary file upload in ElkArte Forum
CVE-2024-58295
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing…
Vulnerability class: Unrestricted File Upload
EPSS: 0.005 (37.1th percentile)
Affected products
- ElkArte Forum — version 1.1.9
Weakness classification (CWE)
References
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)