PT-2024-16002 · Shanxi Diankeyun Technology · Noderp

Glzjin · Published 2024-01-29 · Updated 2024-05-17 · CVE-2024-1006

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Shanxi Diankeyun Technology NODERP versions up to 6.0.2

Description

A critical issue affects the Cookie Handler component, specifically the file application/index/common.php, due to improper authentication when manipulating the Nod User Id/Nod User Token argument. This can be exploited remotely.

Recommendations

For versions up to 6.0.2, consider disabling the Cookie Handler component or restricting access to the application/index/common.php file until a patch is available. Additionally, avoid using the Nod User Id and Nod User Token arguments in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2024-1006

Affected Products

Noderp