CVE-2024-24572

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 31, 2024
Updated: Feb 7, 2024
CWE ID 89

Summary

CVE-2024-24572 is a vulnerability affecting the facileManager suite of web apps. Specifically, versions 4.5.0 and earlier are vulnerable due to unsafe handling of the $_REQUEST global array in the admin-logs.php file. This vulnerability allows an authenticated user with privileges to view site logs to manipulate sensitive variables, such as $search_sql, by appending a GET parameter in the URL. The manipulation of these variables renders checks and SQL injection prevention attempts useless. This vulnerability has a risk score of 26 and is rated as medium severity with high privileges required. The potential danger it poses to organizations includes high impact on integrity and confidentiality, with an exploitability score of 1.2. There is no user interaction required for exploitation, and it can be exploited over a network. The availability impact is none, indicating that it does not directly affect the availability of the affected products.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-24572 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options