CVE-2024-52450

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 20, 2024
Updated: Nov 21, 2024
CWE ID 98

Summary

CVE-2024-52450 is a new vulnerability affecting the nBlocks PHP application. The issue stems from improper control of filenames used in include/require statements within the software, leading to a Local File Inclusion (LFI) vulnerability. Attackers can exploit this flaw to access and read local files on the affected system. The vulnerability exists in nBlocks versions from n/a through 1.0.2, making it essential for users to apply the necessary patches or upgrades as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share