PT-2025-9678 · Uniguest · Uniguest Tripleplay
Publicado
2025-03-04
·
Atualizado
2025-03-10
·
CVE-2024-50707
CVSS v3.1
10
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Uniguest Tripleplay versions prior to 24.2.1
Description
The issue allows unauthenticated remote code execution, enabling remote attackers to execute arbitrary code. This is achieved via the X-Forwarded-For header in an HTTP GET request.
Recommendations
For versions prior to 24.2.1, update to version 24.2.1 or later to resolve the issue.
Correção
RCE
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Uniguest Tripleplay