CVE-2024-0728

Published: Jan 19, 2024Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551.

Affected (1)

Products: Foru Cms Project: Foru Cms

Foru Cms Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Foru Cms Project Foru Cms	Up to 2020-06-23

Related CWEs

Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (6)

https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md

Source: cna@vuldb.com

Exploit

https://vuldb.com/?ctiid.251551

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?id.251551

Source: cna@vuldb.com

Permissions Required

https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://vuldb.com/?ctiid.251551

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://vuldb.com/?id.251551

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.