CVE-2024-1921

Source
https://cve.org/CVERecord?id=CVE-2024-1921
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1921.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-1921
Published
2024-02-27T15:15:07.503Z
Modified
2026-04-02T09:54:12.727440Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254856.

References

Affected packages

Git / github.com/osuuu/lightpicture

Affected ranges

Type
GIT
Repo
https://github.com/osuuu/lightpicture
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.2.0"
        },
        {
            "last_affected": "1.2.2"
        }
    ]
}

Affected versions

v1.*
v1.2.0
v1.2.1
v1.2.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1921.json"