CVE-2024-52401

CVSS 3.1 Score 9.6 of 10 (high)

Details

Published Nov 19, 2024
Updated: Nov 20, 2024
CWE ID 352

Summary

CVE-2024-52401: A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Hacklog DownloadManager that allows an attacker to upload a web shell to a targeted web server. This issue affects Hacklog DownloadManager versions from n/a to 2.1.4. An attacker can exploit the vulnerability by tricking an unsuspecting user into performing an action on a malicious site, which leads to the unintended execution of malicious code on the targeted web server. The vulnerability poses a significant risk to web servers running an affected version of Hacklog DownloadManager and highlights the importance of keeping software up to date with the latest security patches.
