CVE-2024-34852

Name of the Vulnerable Software and Affected Versions F-logic DataCube3 version 1.0

Description The issue is related to command injection due to improper string filtering at the command execution point in the ./admin/transceiver schedule.php file. An unauthenticated remote attacker can exploit this by sending a file name containing command injection, potentially allowing the attacker to execute system commands.

Recommendations For F-logic DataCube3 version 1.0, consider restricting access to the ./admin/transceiver schedule.php file to minimize the risk of exploitation. As a temporary workaround, avoid using file names that could be used for command injection in this file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.