CVE-2024-7066

Name of the Vulnerable Software and Affected Versions F-logic DataCube3 version 1.0

Description A critical issue has been found in the HTTP POST Request Handler component, specifically in the file /admin/config time sync.php. The manipulation of the ntp server argument leads to os command injection. This issue can be exploited remotely.

Recommendations For F-logic DataCube3 version 1.0, as a temporary workaround, consider restricting access to the /admin/config time sync.php file until a patch is available. Avoid using the ntp server argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.