CVE-2024-7743

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 13, 2024
Updated: Aug 21, 2024
CWE ID 918

Summary

CVE-2024-7743 is a newly disclosed critical vulnerability in the API Endpoint component of wanglongcn ltcms 1.0.20. The issue is in the function "downloadUrl", reached through the path "/api/file/downloadUrl". An attacker can manipulate the "file" argument to trigger server-side request forgery, enabling them to execute arbitrary commands. The vulnerability can be exploited remotely, and the exploit has been made public. The vendor was contacted early about the disclosure but has not responded or taken any action to address the issue.
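With no vendor fix available, reviewing web access logs for requests to this endpoint is a practical first check. The following is an added example, not code from ltcms or from this advisory: it assumes the "file" argument arrives as a query-string parameter and that logs use the common combined format; the log lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/api/file/downloadUrl"  # path named in the advisory
PARAM = "file"                      # argument named in the advisory
# Constructed sample access-log lines (assumed combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Aug/2024:10:01:02 +0000] "GET /api/file/downloadUrl?file=https%3A%2F%2Fcdn.example.com%2Fa.png HTTP/1.1" 200 512
203.0.113.9 - - [14/Aug/2024:10:02:10 +0000] "GET /api/file/downloadUrl?file=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 90
203.0.113.9 - - [14/Aug/2024:10:02:15 +0000] "GET /api/file/downloadUrl?file=http%3A%2F%2F10.0.0.5%2Fstatus HTTP/1.1" 200 44
203.0.113.9 - - [14/Aug/2024:10:02:20 +0000] "GET /api/file/downloadUrl?file=file%3A%2F%2F%2Fetc%2Fhostname HTTP/1.1" 500 0
198.51.100.4 - - [14/Aug/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_target(value):
    """Return a reason if the URL points somewhere a download should never go."""
    try:
        parts = urlsplit(value)
        host = parts.hostname or ""
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() not in ("http", "https"):
        return "non-http scheme"
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback hostname"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a hostname: resolve and re-check it during triage
    if ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified:
        return "internal address"
    return None

def scan(log_text):
    """Return (client, requested_url, reason) for suspicious endpoint calls."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        req = urlsplit(m.group(2)) if m else None
        if req is None or req.path != ENDPOINT:
            continue
        for value in parse_qs(req.query).get(PARAM, []):  # percent-decoded
            reason = classify_target(value)
            if reason:
                findings.append((m.group(1), value, reason))
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Hostnames are passed through unflagged here because the check runs offline; a name that resolves to an internal address needs the same treatment once resolved.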
