Podatność CVE-2024-41925
Publikacja: 2024-10-03   Modyfikacja: 2024-10-04

Opis:
The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.

Typ:

CWE-98

 (Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion'))

 Referencje:
https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01
Copyright 2024, cxsecurity.com

 

Back to Top