Vulnerability CVE-2024-31845


Published: 2024-05-21

Description:
An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is attributed to a different user. This can be exploited without authentication.

 References:
https://www.gruppotim.it/it/footer/red-team.html

Copyright 2026, cxsecurity.com

 

Back to Top