CVE-2024-7066

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 24, 2024
CWE ID 78

Summary

CVE-2024-7066 is a critical vulnerability affecting F-logic DataCube3 version 1.0. The issue lies in the HTTP POST Request Handler's component, specifically the /admin/config_time_sync.php file. Manipulation of the ntp_server argument in this file can result in os command injection. Attacks can be executed remotely, making this a significant risk. The vulnerability has been disclosed to the public, increasing the threat of exploitation. The associated identifier for this issue is VDB-272347.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share