CVE-2024-2009

Name of the Vulnerable Software and Affected Versions Nway Pro version 9

Description A vulnerability was found in the function ajax login submit form of the file loginindex.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely.

Recommendations For Nway Pro version 9, as a temporary workaround, consider disabling the ajax login submit form function until a patch is available. Restrict access to the loginindex.php file to minimize the risk of exploitation. Avoid using the argument rsargs[] in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.