CVE-2024-7899

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 17, 2024
Updated: Aug 19, 2024
CWE ID 94

Summary

CVE-2024-7899: A critical code injection vulnerability has been identified in InnoCMS 0.3.1. The issue is related to the processing of the /panel/pages/1/edit file in the Backend component. The manipulation of this file allows for remote code execution, making it a significant security risk. The exploit for this vulnerability has been disclosed publicly, increasing the threat level. Unfortunately, the vendor has not responded to reports about this disclosure, leaving users exposed.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share