PT-2024-22236 · Ffbull · Ffbull
Published
2024-03-26
·
Updated
2024-08-07
·
CVE-2024-28048
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ffBull version 4.11
Description
An OS command injection issue exists, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. The developer of ffBull is unreachable, and users are advised to consider stopping the use of ffBull version 4.11.
Recommendations
For ffBull version 4.11, consider stopping the use of this version as the developer is unreachable, and there is no information about a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ffbull