CVE-2024-10653

Name of the Vulnerable Software and Affected Versions IDExpert versions up to 2.8

Description The issue concerns a lack of validation in the administrator interface of IDExpert, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. This can be exploited by injecting a specific parameter.

Recommendations For versions up to 2.8, patch immediately and restrict admin access to minimize the risk of exploitation. Additionally, validate input/output to prevent OS command injection. As a temporary workaround, consider restricting access to the administrator interface until a patch is applied.