CVE-2024-52497

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 28, 2024
CWE ID 98

Summary

CVE-2024-52497 is a recently disclosed vulnerability affecting the quomodosoft Shopready platform from an unknown version up to 3.5. This issue involves an improper control of filename for include/require statements in PHP programs, leading to a Local File Inclusion (LFI) vulnerability. An attacker can exploit this vulnerability to include arbitrary local files, potentially leading to information disclosure or even code execution. This type of vulnerability can pose a significant risk to the confidentiality and integrity of affected systems. It is recommended that users of quomodosoft Shopready update their platforms to the latest available version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share