VYPR
High severityNVD Advisory· Published Dec 11, 2025· Updated Apr 15, 2026

CVE-2024-58295

CVE-2024-58295

Description

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing the uploaded file in the theme directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Elkarte/Elkartereferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: =1.1.9

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.