CVE-2024-30372

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 1336

Summary

CVE-2024-30372 is a server-side template injection (SSTI) vulnerability in Allegra's getLinkText method. It allows remote attackers to execute arbitrary code on affected installations; authentication is required to exploit it. The flaw stems from insufficient validation of user-supplied input, which lets an attacker inject malicious code into the template engine. Successful exploitation yields code execution at the LOCAL SERVICE privilege level. (ZDI-CAN-23609)
