CVE-2024-3705 Information

Description

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint ‘/opengnsys/images/M_Icons.php’ modifying the file extension due to lack of file extension verification resulting in a webshell injection.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys