8.8

CVE-2024-9006

Exploit

jeanmarc77 123solar config_invt1.php code injection

A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file config/config_invt1.php. The manipulation of the argument PASSOx leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as f4a8c748ec436e5a79f91ccb6a6f73752b336aa5. It is recommended to apply a patch to fix this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jeanmarc77123solar Version1.8.4.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.69% 0.482
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 5.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 6.3 2.8 3.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://github.com/jeanmarc77/123solar/commit/f4a8c748ec436e5a79f91ccb6a6f73752b336aa5
Patch
https://github.com/jeanmarc77/123solar/issues/74
Third Party Advisory
Exploit
Issue Tracking
https://github.com/jeanmarc77/123solar/issues/74#issuecomment-2357653441
Third Party Advisory
Exploit
https://vuldb.com/?ctiid.278162
Permissions Required
https://vuldb.com/?id.278162
Third Party Advisory
https://vuldb.com/?submit.408298
Third Party Advisory