PT-2024-35434 · Dcme-720+3 · Dcme-720+3
Published 2024-11-29 · Updated 2024-12-04
CVE-2024-52778
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
DCME-320 versions 7.4.12.90 and earlier
DCME-520 versions 9.25.5.11 and earlier
DCME-320-L versions 9.3.5.26 and earlier
DCME-720 versions 9.1.5.11 and earlier
Description
The issue allows for Remote Code Execution via the /function/audit/newstatistics/mon stat hist.php endpoint.
Recommendations
For DCME-320 versions 7.4.12.90 and earlier, update to a version later than 7.4.12.90.
For DCME-520 versions 9.25.5.11 and earlier, update to a version later than 9.25.5.11.
For DCME-320-L versions 9.3.5.26 and earlier, update to a version later than 9.3.5.26.
For DCME-720 versions 9.1.5.11 and earlier, update to a version later than 9.1.5.11.
As a temporary workaround, consider restricting access to the /function/audit/newstatistics/mon stat hist.php endpoint until a patch is available.
Fix
Related Identifiers
Affected Products
Dcme-320
Dcme-320-L
Dcme-520
Dcme-720