PT-2024-39453 · Olgu Computer Systems · E-Belediye

Published: 2024-09-24 · Updated: 2024-10-14 · CVE-2024-9142

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Olgu Computer Systems e-Belediye versions prior to 2.0.642

Description

The issue allows external control of file name or path due to incorrect permission assignment for critical resources, enabling manipulation of web input to file system calls. This can lead to remote exploitation. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations

For versions prior to 2.0.642, upgrade to version 2.0.642 or later to mitigate the risk of remote exploitation. As a temporary workaround, consider restricting access to critical file system resources to minimize the risk of exploitation. Avoid using vulnerable functions that allow file inclusion until the issue is resolved.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2024-9142

Affected Products

E-Belediye