CVE-2024-8409

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 4, 2024
Updated: Sep 5, 2024
CWE ID 24
CWE ID 22

Summary

CVE-2024-8409 is a high-severity vulnerability found in ABCD ABCD2 versions up to 2.2.0-beta-1, affecting the file /common/show_image.php. This vulnerability allows for path traversal attacks through manipulation of the 'image' argument, enabling remote exploitation without authentication or user interaction. The confidentiality impact is rated high, as it may allow unauthorized access to sensitive files. Remediation steps are not specified, and the vendor has not responded to early disclosures regarding this issue. Organizations using affected products such as yZIDPl, yZIGa2, and yZIGa3 are urged to assess their exposure and implement necessary security measures immediately.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share