PT-2024-39075 · Automated Logic · Automated Logic Webctrl

Published: 2024-11-21 · Updated: 2024-11-21 · CVE-2024-8525

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions: Automated Logic WebCTRL version 7.0
Description: The issue allows an unauthenticated user to perform remote command execution via a crafted HTTP POST request, which could lead to uploading a malicious file due to an unrestricted upload of files with dangerous types.
Recommendations: For Automated Logic WebCTRL version 7.0, consider restricting file uploads to only allow safe file types and implement authentication to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the file upload functionality to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2024-8525

Affected Products: Automated Logic Webctrl