CVE-2024-1920

Published: Feb 27, 2024Modified: Jun 17, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855.

Affected (1)

Products: Osuuu: Lightpicture

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Osuuu Lightpicture	From 1.2.0 to 1.2.2

Related CWEs

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References (8)

https://note.zhaoj.in/share/gKyCbSSdJ5fY

Source: cna@vuldb.com

Broken LinkThird Party Advisory

https://vuldb.com/?ctiid.254855

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?id.254855

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?submit.287588

Source: cna@vuldb.com

Third Party Advisory

https://note.zhaoj.in/share/gKyCbSSdJ5fY

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://vuldb.com/?ctiid.254855

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://vuldb.com/?id.254855

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://vuldb.com/?submit.287588

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.