CVE-2024-52497
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-52497 is a recently disclosed vulnerability affecting the quomodosoft Shopready platform from an unknown version up to 3.5. This issue involves an improper control of filename for include/require statements in PHP programs, leading to a Local File Inclusion (LFI) vulnerability. An attacker can exploit this vulnerability to include arbitrary local files, potentially leading to information disclosure or even code execution. This type of vulnerability can pose a significant risk to the confidentiality and integrity of affected systems. It is recommended that users of quomodosoft Shopready update their platforms to the latest available version as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.