Key Information 1. Vulnerability ID: - VDB-285499 - CVE-2024-11484 2. Affected Software: - Code4Berry Decoration Management System 1.0 3. Affected File: - /decoration/admin/update_image.php 4. Affected Component: - User Image Handler 5. Vulnerability Type: - Access Control 6. CVSS Meta Temp Score: - 6.9 7. Current Vulnerability Price: - $0-$5k 8. CTI Interest Score: - 1.78 9. Vulnerability Description: - The vulnerability affects an unknown code located in the User Image Handler component within the file /decoration/admin/update_image.php. By manipulating the parameter and using unknown input, an access control vulnerability can be triggered. This is classified under CWE-284, defined as "Improper Authorization" or "Unauthorized Access". 10. Impact: - Affects confidentiality, integrity, and availability. 11. Disclosure Status: - The vulnerability has been publicly disclosed, but the vendor has not responded. 12. Technical Details and Public Exploits: - Technical details are publicly available, and public exploits exist. 13. Attack Technique: - Attack technique is T1068, according to the MITRE ATT&CK framework. 14. Search Suggestion: - Search for “inurl:decoration/admin/update_image.php” to identify vulnerable targets. 15. Recommendation: - Replace the affected component. 16. Related Vulnerabilities: - VDB-279947 is related to this vulnerability.