CVE-2024-48760

Name of the Vulnerable Software and Affected Versions: GestioIP version 3.5.7

Description: An issue in GestioIP allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.

Recommendations: For GestioIP version 3.5.7, as a temporary workaround, consider disabling the file upload function until a patch is available. Restrict access to the upload.cgi file to minimize the risk of exploitation. Avoid using the file upload feature in GestioIP until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.