PT-2024-24139 · Unknown · Reportico Web

Aashiqahamedno · Published 2024-05-14 · Updated 2024-07-03 · CVE-2024-31556

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Reportico Web versions prior to 8.1.0

Description: The issue allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function. The vulnerability arises from the web application's failure to properly invalidate session cookies upon logout, so a session cookie issued before logout remains valid and can be used to perform unauthorized actions.

Recommendations: For versions prior to 8.1.0, update to version 8.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the sessionid function until a patch is available. Additionally, ensure that session cookies are properly invalidated upon logout to minimize the risk of exploitation.
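The following is an added example, not Reportico's code, written in Python rather than the project's PHP: a constructed in-memory session store that contrasts a logout which only clears the browser cookie (the Insufficient Session Expiration pattern this advisory describes) with one that also revokes the server-side record, plus a check that shows the old session id still authenticates after the cookie-only logout. The class and function names are assumptions made for the demonstration.

```python
import secrets
import time

# Constructed in-memory session store (not Reportico's code) used to contrast a
# logout that only clears the browser cookie with one that also revokes the
# server-side session. The former is the Insufficient Session Expiration flaw.
class SessionStore:
    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}  # session id -> {"user": str, "expires": float}

    def login(self, username, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256-bit unguessable id
        self._sessions[sid] = {"user": username, "expires": now + self.ttl}
        return sid

    def lookup(self, sid, now=None):
        """Return the user bound to sid, or None if unknown or expired."""
        now = time.time() if now is None else now
        data = self._sessions.get(sid)
        if data is None:
            return None
        if data["expires"] <= now:
            del self._sessions[sid]  # absolute lifetime reached, drop the record
            return None
        return data["user"]

    def logout_cookie_only(self, sid):
        # Vulnerable pattern: the browser is told to forget the cookie, but the
        # server keeps the session, so anyone holding the old id stays logged in.
        return {"Set-Cookie": "sessionid=; Max-Age=0; HttpOnly"}

    def logout(self, sid):
        # Fixed pattern: revoke the server-side record, then clear the cookie.
        self._sessions.pop(sid, None)
        return {"Set-Cookie": "sessionid=; Max-Age=0; HttpOnly"}


def replay_after_logout(store, username, now=1000.0):
    """Log in, log out both ways, and report whether the old id still works."""
    sid = store.login(username, now=now)
    store.logout_cookie_only(sid)
    still_valid_after_cookie_only = store.lookup(sid, now=now + 1) is not None
    store.logout(sid)
    still_valid_after_full_logout = store.lookup(sid, now=now + 2) is not None
    return still_valid_after_cookie_only, still_valid_after_full_logout
```

A regression test for the fixed behaviour is the second half of `replay_after_logout`: after a real logout, presenting the previous session id must resolve to no user.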

Fix

Weakness Enumeration

Improper Privilege Management
Insufficient Session Expiration

Related Identifiers

CVE-2024-31556
GHSA-2Q2F-H83X-CX3X

Affected Products

Reportico Web