
CVE-2024-9904 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.2.0 pictureUpload file unrestricted upload

Çağlar Arlı

A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. It affects the function pictureUpload of the file /admin/File/pictureUpload. Manipulating the argument file leads to unrestricted upload. The vulnerability was named CVE-2024-9904. The attack can be initiated remotely, and an exploit is available. The affected product is known under different names: 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach the vendor before the CVE was assigned because the vendor's mail address was not working.