CVE-2024-7896
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-7896 is a critical vulnerability affecting Tosei Online Store Management System versions 4.02, 4.03, and 4.04. This issue is related to an unidentified functionality within the file /cgi-bin/p1_ftpserver.php. The manipulation of the argument "adr_txt" allows an attacker to execute command injection. The exploit can be launched remotely, making it a significant security risk. The vulnerability has been disclosed publicly, increasing the likelihood of exploitation. Unfortunately, the vendor has not responded to early notifications about this disclosure.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.