CVE-2024-30372
CVSS 3.0 Score 8.8 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 1336
Summary
CVE-2024-30372 is a Server-Side Template Injection vulnerability in Allegra's getLinkText method. It allows remote attackers to execute arbitrary code on affected installations; authentication is required to exploit it. The flaw stems from insufficient validation of user input, which lets an attacker inject malicious code into the template engine. Successful exploitation results in code execution in the context of LOCAL SERVICE. (ZDI-CAN-23609)