Lucene search
MitreCVELIST:CVE-2024-36679HistoryJun 19, 2024 - 12:00 a.m.
CVE-2024-36679
2024-06-1900:00:00
mitre
www.cve.org
5
module live chat pro
all in one messaging
php code injection
predictable token
lcp::savetranslations
white writer
EPSS
0
Percentile
9.0%
In the module βModule Live Chat Pro (All in One Messaging)β (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP file.
Related
cve
cve
CVE-2024-36679
2024-06-19 21:15:57
vulnrichment
vulnrichment
CVE-2024-36679
2024-06-19 00:00:00
nvd
nvd
CVE-2024-36679
2024-06-19 21:15:57