CVE-2024-6127

Name of the Vulnerable Software and Affected Versions: BC Security Empire versions prior to 5.9.3

Description: The issue allows a remote, unauthenticated attacker to exploit a path traversal issue over HTTP, potentially leading to remote code execution. This can be achieved by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path.

Recommendations: For versions prior to 5.9.3, update to version 5.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to upload functionality to minimize the risk of exploitation.