PT-2024-36021 · Rhinos · Rhinos

Rafael Pedrero · Published 2024-05-27 · Updated 2025-06-05 · CVE-2024-5407

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: RhinOS versions 3.0-1190
Description: A vulnerability allows PHP code injection through the "search" parameter of /portal/search.htm, enabling a remote, unauthenticated attacker to obtain a reverse shell on the affected system and compromise the entire infrastructure.
Recommendations: For RhinOS versions 3.0-1190, avoid using the "search" parameter of the /portal/search.htm endpoint until the issue is resolved. As a temporary workaround, restrict access to the /portal/search.htm endpoint to minimize the risk of exploitation.
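Because the workaround is to stop using the "search" parameter and to restrict the endpoint, a defender will want to check access logs for requests that reached /portal/search.htm with that parameter. The following triage script is an added example for this advisory page, not code from the vendor or from the advisory author. It assumes the web server writes Apache/nginx "combined" log format; the log lines embedded in it are constructed samples, not real traffic. It reports every request that used the parameter and additionally marks values containing PHP-syntax hints as "suspicious", so the output can be reviewed in order of priority.

```python
"""Triage access logs for hits on the RhinOS endpoint named in the advisory.

Added example, not vendor code. Assumes combined log format (constructed
sample lines below). Only GET query strings are visible in access logs;
a parameter sent in a POST body would need request-body logging or a WAF.
"""
import re
from urllib.parse import urlsplit, parse_qs

VULN_PATH = "/portal/search.htm"   # endpoint named in the advisory
VULN_PARAM = "search"              # parameter named in the advisory

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Cheap PHP-syntax hints; this is a triage heuristic, not a full parser.
PHP_HINT = re.compile(r"<\?|\$\w+|\w+\s*\(.*\)\s*;")

# Constructed sample traffic (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [27/May/2024:10:01:02 +0000] "GET /portal/index.htm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [27/May/2024:10:01:09 +0000] "GET /portal/search.htm?search=rhinos HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [27/May/2024:10:02:44 +0000] "POST /portal/search.htm HTTP/1.1" 200 1024 "-" "curl/8.4.0"
198.51.100.23 - - [27/May/2024:10:03:01 +0000] "GET /portal/search.htm?search=%3C%3Fphp%20echo%201%3B%3F%3E HTTP/1.1" 500 0 "-" "curl/8.4.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    # parse_qs percent-decodes values, so encoded payloads become readable here.
    entry["query"] = parse_qs(parts.query, keep_blank_values=True)
    return entry


def classify(entry):
    """Return 'none', 'touches' (parameter used) or 'suspicious' (PHP-like value)."""
    if entry["path"] != VULN_PATH:
        return "none"
    values = entry["query"].get(VULN_PARAM, [])
    if not values:
        return "none"  # endpoint reached without the parameter
    return "suspicious" if any(PHP_HINT.search(v) for v in values) else "touches"


def triage(log_text):
    """Return findings for every request that used the vulnerable parameter."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict != "none":
            findings.append({
                "ip": entry["ip"],
                "ts": entry["ts"],
                "status": entry["status"],
                "verdict": verdict,
                "search": entry["query"][VULN_PARAM][0],
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['verdict']:<10} {f['ip']:<15} {f['ts']} status={f['status']} search={f['search']!r}")
```

Run it against a real log with `triage(open("access.log").read())`. Because the advisory's workaround is to stop using the parameter altogether, every "touches" finding is worth a look, not only the "suspicious" ones; a 500 status on such a request is a useful secondary signal that the injected input was evaluated rather than searched.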

Fix

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2024-5407

Affected Products: Rhinos