PT-2025-23118 · M2Soft · M2Soft CROWNIX Report & ERS
Published: 2025-05-28 · Updated: 2025-05-28 · CVE-2024-57337
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
M2Soft CROWNIX Report & ERS versions 5.x through 5.5.14.1070
M2Soft CROWNIX Report & ERS versions 7.x through 7.4.3.960
M2Soft CROWNIX Report & ERS versions 8.x through 8.2.0.345
Description
An arbitrary file upload issue in the opcode 500 functionality allows attackers to execute arbitrary code by supplying a crafted file.
Recommendations
For versions 5.x through 5.5.14.1070, consider disabling the opcode 500 functionality until a patch is available.
For versions 7.x through 7.4.3.960, restrict access to the file upload feature to minimize the risk of exploitation.
For versions 8.x through 8.2.0.345, avoid using the crafted file supply method in the opcode 500 functionality until the issue is resolved.
Fix
Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
M2Soft CROWNIX Report & ERS