CVE-2024-9006

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: jeanmarc77 123solar version 1.8.4.5

Description: A critical issue exists in the software, affecting an unknown part of the file config/config invt1.php. The manipulation of the PASSOx argument leads to code injection. This issue can be exploited remotely.

Recommendations: To fix this issue, apply the patch identified as f4a8c748ec436e5a79f91ccb6a6f73752b336aa5. As a temporary workaround, consider restricting access to the file config/config invt1.php and avoiding the manipulation of the PASSOx argument until the patch is applied.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2024-9006

Affected Products

123Solar

CVE-2024-9006

Weakness Enumeration

Related Identifiers

Affected Products

References · 11