CVE-2024-51163

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 20, 2024
Updated: Nov 27, 2024
CWE ID 125

Summary

CVE-2024-51163 is a Local File Inclusion (LFI) vulnerability affecting Vegam Solutions Vegam 4i versions 6.3.47.0 and prior. This issue enables a remote attacker to access sensitive information by manipulating the filePathList parameter in the print label function. By including maliciously crafted file paths, the attacker can retrieve files from the web server, such as web.config or /etc/host, which may contain confidential data. This vulnerability poses a significant risk for information disclosure.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share