CVE-2024-12990

CVSS 2.0 Score 4 of 10 (medium)

Details

Published Dec 27, 2024

CWE ID 601

Summary

CVE-2024-12990 is a newly disclosed vulnerability affecting the Admin Verification Page component in ruifang-tech Rebuild 3.8.6. This issue, which is classified as problematic, allows for open redirect attacks through the manipulation of the nexturl argument with input such as http://localhost/evil.html. An attacker can initiate this attack remotely, making it a significant security concern. Despite early notification, the vendor has yet to respond or provide a patch, leaving affected systems potentially vulnerable to exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/19DuCI
https://www.cve.org/CVERecord?id=CVE-2024-12990
https://nvd.nist.gov/vuln/detail/CVE-2024-12990

Back to Vulnerability Database

CVE-2024-12990

CVSS 2.0 Score 4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations