CVE-2024-52385

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 9, 2024
CWE ID 98

Summary

CVE-2024-52385 is a new vulnerability affecting the Sk. Abul Hasan Team Member software, which involves an Improper Control of Filename for Include/Require Statement in PHP programming. Hackers can exploit this PHP Remote File Inclusion (RFI) vulnerability to include and execute malicious code on affected systems. The issue has been identified in Team Member versions from n/a through 7.3, and it is crucial for users to apply the necessary patches or upgrades to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share