CVE-2024-7896

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Aug 17, 2024
Updated: Aug 19, 2024
CWE ID 77

Summary

CVE-2024-7896 is a critical vulnerability affecting Tosei Online Store Management System versions 4.02, 4.03, and 4.04. This issue is related to an unidentified functionality within the file /cgi-bin/p1_ftpserver.php. The manipulation of the argument "adr_txt" allows an attacker to execute command injection. The exploit can be launched remotely, making it a significant security risk. The vulnerability has been disclosed publicly, increasing the likelihood of exploitation. Unfortunately, the vendor has not responded to early notifications about this disclosure.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share