CVE-2024-24572

Summary

CVE-2024-24572 is a vulnerability affecting the facileManager suite of web apps. Specifically, versions 4.5.0 and earlier are vulnerable due to unsafe handling of the $_REQUEST global array in the admin-logs.php file. This vulnerability allows an authenticated user with privileges to view site logs to manipulate sensitive variables, such as $search_sql, by appending a GET parameter in the URL. The manipulation of these variables renders checks and SQL injection prevention attempts useless. This vulnerability has a risk score of 26 and is rated as medium severity with high privileges required. The potential danger it poses to organizations includes high impact on integrity and confidentiality, with an exploitability score of 1.2. There is no user interaction required for exploitation, and it can be exploited over a network. The availability impact is none, indicating that it does not directly affect the availability of the affected products.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.