PT-2024-22547 · Unit4 · Unit4 Financials

Published: 2024-03-19 · Updated: 2024-07-03 · CVE-2024-28734

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Unit4 Financials by Coda, versions prior to 2023Q4

Description: A remote, unauthenticated attacker can run arbitrary script in a victim's browser (cross-site scripting) by getting the victim to open a crafted GET request that carries a malicious value in the cols parameter. The script executes with the victim's session, so if the victim is a privileged user the attacker can act with that user's rights; this is the path by which privileges may be escalated. Exploitation requires user interaction (UI:R in the vector above).

Recommendations: For versions prior to 2023Q4, disable or reject the cols parameter in GET requests until a fixed build is deployed, and restrict access to the affected parts of the application to the users who need it. No fix release is named in this advisory; the affected-version range implies that 2023Q4 and later are unaffected, but confirm that against the vendor's release notes before relying on it.
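The recommendation above (refuse the cols parameter on GET requests until a fix is in place) can be enforced at a reverse proxy or in request middleware, and the same check can be run over access logs to find attempts that already arrived. The following is an added example written for this page, not Unit4's code: it assumes requests can be intercepted before they reach the application, that legitimate cols values are comma-separated identifiers matching [A-Za-z0-9_.] (an assumption; adjust to what the application actually sends), and that logs are in combined format. The sample log lines are constructed; the advisory does not publish the actual payload, so the probe strings are generic XSS markers, not the real vector.

```python
"""Interim controls for CVE-2024-28734 (Unit4 Financials, cols parameter).

Added example, not the vendor's code. Assumptions (not from the advisory):
- requests pass through a proxy/middleware where they can be filtered;
- legitimate `cols` values are comma-separated identifiers [A-Za-z0-9_.];
- access logs are in Apache/nginx combined format.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Assumed shape of a legitimate column list. Tighten or loosen to match
# what the application really emits; anything else is rejected.
COLS_ALLOWED = re.compile(r"^[A-Za-z0-9_.]+(,[A-Za-z0-9_.]+)*$")


def check_request(method: str, url: str, strict: bool = True) -> tuple[bool, str]:
    """Return (allowed, reason) for one request line.

    strict=True is the advisory's interim recommendation: any GET that
    carries `cols` is refused. strict=False keeps column selection working
    by allowing only values that match the assumed allowlist.
    Only GET is checked, because that is what the advisory describes.
    """
    if method.upper() != "GET":
        return True, "not a GET"
    # parse_qs percent-decodes, so encoded probes are seen in clear.
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("cols")
    if values is None:
        return True, "no cols parameter"
    if strict:
        return False, "cols parameter blocked on GET"
    for value in values:
        if not COLS_ALLOWED.fullmatch(value):
            return False, f"cols value rejected: {value!r}"
    return True, "cols values match allowlist"


# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)


def scan_log(lines):
    """Return (ip, timestamp, path, reason) for GETs whose cols value
    fails the allowlist, i.e. likely probes against this issue."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; not silently accepted as benign
        allowed, reason = check_request(m["method"], m["path"], strict=False)
        if not allowed:
            hits.append((m["ip"], m["ts"], m["path"], reason))
    return hits


# Constructed sample log lines (not real traffic). Lines 3 and 4 carry
# generic XSS probes; the advisory does not publish the real payload.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Mar/2024:10:01:02 +0000] "GET /finance/report?cols=code,name,balance HTTP/1.1" 200 5120',
    '203.0.113.5 - - [19/Mar/2024:10:01:09 +0000] "POST /finance/report HTTP/1.1" 302 0',
    '198.51.100.7 - - [19/Mar/2024:10:02:44 +0000] "GET /finance/report?cols=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5301',
    '198.51.100.7 - - [19/Mar/2024:10:02:50 +0000] "GET /finance/report?cols=code%22%3E%3Cimg%20src=x%3E HTTP/1.1" 200 5299',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
```

In strict mode the filter matches the advisory's wording exactly and will also break legitimate column selection, which is the trade-off the advisory accepts until a fix is deployed; the allowlist mode is the less disruptive alternative but rests on the assumed value format. Whether the same parameter is reachable through other HTTP methods is not stated in the advisory, so the check is deliberately limited to GET and should be widened only if testing shows otherwise.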

Weakness Enumeration: XSS (cross-site scripting)

Related Identifiers: CVE-2024-28734

Affected Products: Unit4 Financials