CVE-2024-9275

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Sep 27, 2024
Updated: Sep 30, 2024
CWE ID 73

Summary

CVE-2024-9275 is a critical vulnerability found in the 123solar software by jeanmarc77, affecting versions up to 1.8.4.5. The vulnerability arises from improper handling of the PROTOCOLx argument in the /admin/admin_invt2.php file, which allows for remote file inclusion attacks. To mitigate this risk, organizations should upgrade to a patched version of the software as soon as possible, while ensuring that proper access controls are in place to limit exposure. The potential dangers include unauthorized access and manipulation of files, which can compromise the integrity and confidentiality of sensitive data. This vulnerability has been publicly disclosed, increasing the likelihood of exploitation by malicious actors.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share