CVE-2024-29368

Published: Apr 22, 2024Modified: Apr 30, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file execution or storage of malicious content.

Affected (1)

Products: Mozilo: Mozilocms

Mozilo

1 product

Mozilocms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilo Mozilocms	Version 2.0

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/becpn/mozilocms

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/becpn/mozilocms

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.