VYPR
High severity8.8NVD Advisory· Published Sep 27, 2024· Updated Apr 15, 2026

CVE-2024-46441

CVE-2024-46441

Description

An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). The file extension of an uncompressed file is not checked.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Kacins/Ypayreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 1.2.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.