CVE-2024-9985

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Oct 15, 2024
CWE ID 434

Summary

CVE-2024-9985 identifies a critical vulnerability in the Enterprise Cloud Database from Ragic, which fails to properly validate file types during uploads. This flaw allows attackers with regular privileges to upload a webshell, enabling them to execute arbitrary code on the remote server, posing significant risks to data integrity and confidentiality. The vulnerability has an exploitability score of 3.9 and a base severity rating of 10.0, indicating that it can be exploited with low complexity and without user interaction. To remediate this issue, organizations should update their systems to ensure proper file type validation for uploads. Affected products include the 'zeRkxG' database solution, making it vital for users to implement corrective measures promptly to mitigate potential attacks.
