Critical severity9.8NVD Advisory· Published Mar 22, 2024· Updated Jun 17, 2026
CVE-2024-28441
CVE-2024-28441
Description
File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint.
Affected products
2- magicflue/magicfluedescription
Patches
Vulnerability mechanics
References
1- github.com/iamHuFei/HVVault/blob/main/webapp/%E9%AD%94%E6%96%B9%E7%BD%91%E8%A1%A8/magicflu-mailupdate-jsp-fileupload.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.