CVE-2024-49649

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 7, 2025

Updated: Feb 5, 2025

CWE ID 829

CWE ID 98

Summary

CVE-2024-49649 is a new vulnerability affecting Abdul Hakeem Build App Online. This issue involves improper control of filename usage in PHP include/require statements, leading to a Local File Inclusion vulnerability. Malicious actors can exploit this weakness to gain unauthorized access to sensitive data or execute arbitrary code on affected systems. The vulnerability spans from the unspecified version through 1.0.23. System administrators are urged to patch their Build App Online installations promptly to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zk7bxN
https://www.cve.org/CVERecord?id=CVE-2024-49649
https://nvd.nist.gov/vuln/detail/CVE-2024-49649

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners

CVE-2024-49649

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations