CVE-2024-50715

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Smart Agent version 1.1.0

Description: An issue in Smart Agent allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the "/youtubeInfo.php" component.

Recommendations: For version 1.1.0, consider disabling access to the "/youtubeInfo.php" component until a patch is available to prevent command injection attacks. Restrict access to sensitive information to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2024-50715

Affected Products

Smart Agent

CVE-2024-50715

Weakness Enumeration

Related Identifiers

Affected Products

References · 8