PT-2024-35439 · Dcme-720+3 · Dcme-720+3
Published: 2024-11-29 · Updated: 2024-11-29
CVE-2024-52782
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
DCME-320 versions prior to 7.4.12.90
DCME-520 versions prior to 9.25.5.11
DCME-320-L versions prior to 9.3.5.26
DCME-720 versions prior to 9.1.5.11
Description
The issue allows for Remote Code Execution and Privilege Escalation via the "/function/audit/newstatistics/mon stat hist new.php" endpoint. This could lead to unauthorized access and system compromise.
Recommendations
For DCME-320 versions prior to 7.4.12.90, update to a version later than 7.4.12.90 to prevent Remote Code Execution and Privilege Escalation.
For DCME-520 versions prior to 9.25.5.11, update to a version later than 9.25.5.11 to prevent Remote Code Execution and Privilege Escalation.
For DCME-320-L versions prior to 9.3.5.26, update to a version later than 9.3.5.26 to prevent Remote Code Execution and Privilege Escalation.
For DCME-720 versions prior to 9.1.5.11, update to a version later than 9.1.5.11 to prevent Remote Code Execution and Privilege Escalation.
As a temporary workaround, consider restricting access to the "/function/audit/newstatistics/mon stat hist new.php" endpoint until a patch is applied.
Fix
Related Identifiers
Affected Products
Dcme-320
Dcme-320-L
Dcme-520
Dcme-720